diff options
| author |  Inverle <inverle@proton.me>
| 2025-08-03 23:14:59 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-08-03 23:14:59 +0200 |
| commit | 26377b543d8b1cc4f3c0c60300d49fcbb2dcfa13 (patch) | |
| tree | cbfa866e14eb031ee35d51c7f5d55453d52ff707 /app | |
| parent | 502090edcdd96e6b1c2f5471dd7b5670ebf6124f (diff) | |
Fix create user bugs (#7783)
* Fix registration regression due to #7753
* Add missing access check
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/userController.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index c4c3c00a8..0acdc65c7 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -365,7 +365,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController { Minz_Error::error(403); } - if (self::reauthRedirect()) { + if (FreshRSS_Auth::hasAccess('admin') && self::reauthRedirect()) { return; } @@ -422,10 +422,15 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController { ); } + $is_admin = false; + if (FreshRSS_Auth::hasAccess('admin')) { + $is_admin = Minz_Request::paramBoolean('new_user_is_admin'); + } + $ok = self::createUser($new_user_name, $email, $passwordPlain, [ 'language' => Minz_Request::paramString('new_user_language') ?: FreshRSS_Context::userConf()->language, 'timezone' => Minz_Request::paramString('new_user_timezone'), - 'is_admin' => Minz_Request::paramBoolean('new_user_is_admin'), + 'is_admin' => $is_admin, 'enabled' => true, ]); Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP |