From d7ac234036a10f575a902af6fc63bb890f85c7b1 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Thu, 16 Jan 2020 14:25:51 +0100
Subject: fix: Make sure to have user conf in hasAccess (#2769)

The `FreshRSS_Auth::hasAccess` method is called during auth
initialization (`app/FreshRSS.php:78`), only for `user#create` action.
However, at this step, the `user` configuration namespace hasn't be
initialized yet, and so users weren't able to register because of the
exception... quite critical!
---
 app/Models/Auth.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'app/Models/Auth.php')

diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 3eb57a877..f8f97e74e 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -116,14 +116,16 @@ class FreshRSS_Auth {
 	 */
 	public static function hasAccess($scope = 'general') {
 		$systemConfiguration = Minz_Configuration::get('system');
-		$userConfiguration = Minz_Configuration::get('user');
+		$currentUser = Minz_Session::param('currentUser');
+		$userConfiguration = get_user_configuration($currentUser);
+		$isAdmin = $userConfiguration && $userConfiguration->is_admin;
 		$default_user = $systemConfiguration->default_user;
 		$ok = self::$login_ok;
 		switch ($scope) {
 		case 'general':
 			break;
 		case 'admin':
-			$ok &= $default_user === Minz_Session::param('currentUser') || $userConfiguration->is_admin;
+			$ok &= $default_user === $currentUser || $isAdmin;
 			break;
 		default:
 			$ok = false;
-- 
cgit v1.2.3