summaryrefslogtreecommitdiffstats
path: root/modules-available/dozmod/inc/pagedozmodusers.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules-available/dozmod/inc/pagedozmodusers.inc.php')
-rw-r--r--modules-available/dozmod/inc/pagedozmodusers.inc.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php
index 8da07923..621f7d34 100644
--- a/modules-available/dozmod/inc/pagedozmodusers.inc.php
+++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php
@@ -16,11 +16,22 @@ class Page_dozmod_users extends Page
protected function doAjax()
{
+ User::load();
+
$action = Request::post('action', '', 'string');
if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') {
- $this->setUserOption($action);
+ if (User::hasPermission("users.".$action)) {
+ $this->setUserOption($action);
+ } else {
+ die("No permission.");
+ }
+
} elseif ($action === 'setorglogin') {
- $this->setOrgOption($action);
+ if (User::hasPermission("users.orglogin")) {
+ $this->setOrgOption($action);
+ } else {
+ die("No permission.");
+ }
} else {
die('No such action');
}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-27 16:22:43 +0200