github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-31 09:28:03 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Do not allow admins to meddle with admin and moderation access of non real users.

Browse Source
This commit is contained in:
Guo Xiang Tan
2016-12-29 11:11:33 +08:00
parent dd4937a493
commit c7b151683d
2 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/guardian.rb
View File

@ -177,7 +177,7 @@ class Guardian
end
def can_grant_admin?(user)
can_administer_user?(user) && not(user.admin?)
can_administer_user?(user) && !user.admin?
end
def can_revoke_moderation?(moderator)
@ -185,7 +185,7 @@ class Guardian
end
def can_grant_moderation?(user)
can_administer?(user) && not(user.moderator?)
can_administer?(user) && !user.moderator?
end
def can_grant_title?(user)
@ -313,7 +313,7 @@ class Guardian
end
def can_administer?(obj)
is_admin? && obj.present?
is_admin? && obj.present? && obj.id&.positive?
end
def can_administer_user?(other_user)