aboutsummaryrefslogtreecommitdiff
path: root/app/Controllers/userController.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controllers/userController.php')
-rw-r--r--app/Controllers/userController.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index c4c3c00a8..0acdc65c7 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -365,7 +365,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
Minz_Error::error(403);
}
- if (self::reauthRedirect()) {
+ if (FreshRSS_Auth::hasAccess('admin') && self::reauthRedirect()) {
return;
}
@@ -422,10 +422,15 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
);
}
+ $is_admin = false;
+ if (FreshRSS_Auth::hasAccess('admin')) {
+ $is_admin = Minz_Request::paramBoolean('new_user_is_admin');
+ }
+
$ok = self::createUser($new_user_name, $email, $passwordPlain, [
'language' => Minz_Request::paramString('new_user_language') ?: FreshRSS_Context::userConf()->language,
'timezone' => Minz_Request::paramString('new_user_timezone'),
- 'is_admin' => Minz_Request::paramBoolean('new_user_is_admin'),
+ 'is_admin' => $is_admin,
'enabled' => true,
]);
Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 11:22:15 +0000