mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity

Prevent user from impersonating self

Browse Source
This commit is contained in:
Luke Towers 2021-08-21 02:44:32 -06:00
parent 3e81da9f32
commit 53fc77778a
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/backend/models/User.php
View File

@ -243,14 +243,20 @@ class User extends UserBase
/**
* Check if this user can be impersonated by the provided impersonator
* Super users cannot be impersonated and all users cannot be impersonated unless there is an impersonator
* present and the impersonator has access to `backend.impersonate_users`.
* present and the impersonator has access to `backend.impersonate_users`, and the impersonator is not the
* user being impersonated
*
* @param static|false $impersonator The user attempting to impersonate this user, false when not available
* @return boolean
*/
public function canBeImpersonated($impersonator = false)
{
if ($this->isSuperUser() || !$impersonator || !$impersonator->hasAccess('backend.impersonate_users')) {
if (
$this->isSuperUser() ||
!$impersonator ||
!$impersonator->hasAccess('backend.impersonate_users') ||
$impersonator === $this
) {
return false;
}
return true;