Fixed another one of em oversights.
This commit is contained in:
parent
2dbe78f626
commit
22a7f46959
1 changed files with 7 additions and 3 deletions
10
misuzu.php
10
misuzu.php
|
@ -299,18 +299,18 @@ MIG;
|
|||
');
|
||||
$getUserDisplayInfo->bindValue('user_id', $mszUserId);
|
||||
$userDisplayInfo = $getUserDisplayInfo->execute() ? $getUserDisplayInfo->fetch() : [];
|
||||
tpl_var('current_user', $userDisplayInfo);
|
||||
}
|
||||
|
||||
csrf_init($app->getCsrfSecretKey(), empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']);
|
||||
|
||||
$privateInfo = $app->getPrivateInfo();
|
||||
|
||||
if (!$misuzuBypassLockdown && $privateInfo['enabled'] && !empty($userDisplayInfo)) {
|
||||
if (!$misuzuBypassLockdown && $privateInfo['enabled']) {
|
||||
if (user_session_active()) {
|
||||
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']);
|
||||
|
||||
if (!perms_check($generalPerms, $privateInfo['permission'])) {
|
||||
if ($privateInfo['permission'] && !perms_check($generalPerms, $privateInfo['permission'])) {
|
||||
unset($userDisplayInfo);
|
||||
user_session_stop(); // au revoir
|
||||
}
|
||||
} else {
|
||||
|
@ -322,6 +322,10 @@ MIG;
|
|||
}
|
||||
}
|
||||
|
||||
if (!empty($userDisplayInfo)) {
|
||||
tpl_var('current_user', $userDisplayInfo);
|
||||
}
|
||||
|
||||
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
|
||||
$hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id'] ?? 0), MSZ_PERM_GENERAL_CAN_MANAGE);
|
||||
tpl_var('has_manage_access', $hasManageAccess);
|
||||
|
|
Loading…
Add table
Reference in a new issue