diff options
Diffstat (limited to 'modules-available/dozmod/inc/pagedozmodusers.inc.php')
-rw-r--r-- | modules-available/dozmod/inc/pagedozmodusers.inc.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php index 8da07923..621f7d34 100644 --- a/modules-available/dozmod/inc/pagedozmodusers.inc.php +++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php @@ -16,11 +16,22 @@ class Page_dozmod_users extends Page protected function doAjax() { + User::load(); + $action = Request::post('action', '', 'string'); if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') { - $this->setUserOption($action); + if (User::hasPermission("users.".$action)) { + $this->setUserOption($action); + } else { + die("No permission."); + } + } elseif ($action === 'setorglogin') { - $this->setOrgOption($action); + if (User::hasPermission("users.orglogin")) { + $this->setOrgOption($action); + } else { + die("No permission."); + } } else { die('No such action'); } |