fix: Make sure to have user conf in hasAccess (#2769)

The `FreshRSS_Auth::hasAccess` method is called during auth initialization (`app/FreshRSS.php:78`), only for `user#create` action. However, at this step, the `user` configuration namespace hasn't be initialized yet, and so users weren't able to register because of the exception... quite critical!
author: Marien Fressinaud <dev@marienfressinaud.fr> 2020-01-16 14:25:51 +0100
committer: GitHub <noreply@github.com> 2020-01-16 14:25:51 +0100
commit: d7ac234036a10f575a902af6fc63bb890f85c7b1 (patch)
tree: 3f54cb7390a833dc846144a04a279ba172b78b42 /app/Models/Auth.php
parent: 9819a72293a57e6ed75c5bac18a44d7e16c9127f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 3eb57a877..f8f97e74e 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -116,14 +116,16 @@ class FreshRSS_Auth {
 	 */
 	public static function hasAccess($scope = 'general') {
 		$systemConfiguration = Minz_Configuration::get('system');
-		$userConfiguration = Minz_Configuration::get('user');
+		$currentUser = Minz_Session::param('currentUser');
+		$userConfiguration = get_user_configuration($currentUser);
+		$isAdmin = $userConfiguration && $userConfiguration->is_admin;
 		$default_user = $systemConfiguration->default_user;
 		$ok = self::$login_ok;
 		switch ($scope) {
 		case 'general':
 			break;
 		case 'admin':
-			$ok &= $default_user === Minz_Session::param('currentUser') || $userConfiguration->is_admin;
+			$ok &= $default_user === $currentUser || $isAdmin;
 			break;
 		default:
 			$ok = false;
author	Marien Fressinaud <dev@marienfressinaud.fr>	2020-01-16 14:25:51 +0100
committer	GitHub <noreply@github.com>	2020-01-16 14:25:51 +0100
commit	d7ac234036a10f575a902af6fc63bb890f85c7b1 (patch)
tree	3f54cb7390a833dc846144a04a279ba172b78b42 /app/Models/Auth.php
parent	9819a72293a57e6ed75c5bac18a44d7e16c9127f (diff)