Allow moderators to view a stripped down version of the user page in the broom closet.
This commit is contained in:
parent
3299d73df2
commit
bd683d8404
2 changed files with 29 additions and 18 deletions
|
@ -6,15 +6,25 @@ use Index\Colour\Colour;
|
|||
use Misuzu\Users\User;
|
||||
use Misuzu\Users\UserRole;
|
||||
|
||||
if(!User::hasCurrent() || !perms_check_user(MSZ_PERMS_USER, User::getCurrent()->getId(), MSZ_PERM_USER_MANAGE_USERS)) {
|
||||
if(!User::hasCurrent()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
$currentUser = User::getCurrent();
|
||||
$currentUserId = $currentUser->getId();
|
||||
|
||||
$canManageUsers = perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_USERS);
|
||||
$canManagePerms = perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_PERMS);
|
||||
$canManageNotes = perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_NOTES);
|
||||
|
||||
if(!$canManageUsers && !$canManageNotes) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
$notices = [];
|
||||
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
$currentUser = User::getCurrent();
|
||||
$currentUserId = $currentUser->getId();
|
||||
|
||||
try {
|
||||
$userInfo = User::byId($userId);
|
||||
|
@ -23,10 +33,9 @@ try {
|
|||
return;
|
||||
}
|
||||
|
||||
$canEdit = $currentUser->hasAuthorityOver($userInfo);
|
||||
$canEditPerms = $canEdit && perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_PERMS);
|
||||
$canManageNotes = perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_NOTES);
|
||||
$permissions = manage_perms_list(perms_get_user_raw($userId));
|
||||
$canEdit = $canManageUsers && $currentUser->hasAuthorityOver($userInfo);
|
||||
$canEditPerms = $canEdit && $canManagePerms;
|
||||
$permissions = $canEditPerms ? manage_perms_list(perms_get_user_raw($userId)) : [];
|
||||
|
||||
if(CSRF::validateRequest() && $canEdit) {
|
||||
if(!empty($_POST['impersonate_user'])) {
|
||||
|
|
|
@ -176,19 +176,21 @@
|
|||
</form>
|
||||
{% endif %}
|
||||
|
||||
<form method="post" action="{{ url('manage-user', {'user': user_info.id}) }}" class="container manage__user__container">
|
||||
{{ container_title('Permissions for ' ~ user_info.username ~ ' (' ~ user_info.id ~ ')') }}
|
||||
{% if permissions is not empty %}
|
||||
<form method="post" action="{{ url('manage-user', {'user': user_info.id}) }}" class="container manage__user__container">
|
||||
{{ container_title('Permissions for ' ~ user_info.username ~ ' (' ~ user_info.id ~ ')') }}
|
||||
|
||||
{{ permissions_table(permissions, not can_edit_perms) }}
|
||||
{{ permissions_table(permissions, not can_edit_perms) }}
|
||||
|
||||
{% if can_edit_perms %}
|
||||
{{ input_csrf() }}
|
||||
{% if can_edit_perms %}
|
||||
{{ input_csrf() }}
|
||||
|
||||
<div class="manage__user__buttons">
|
||||
<button class="input__button manage__user__button">Save</button>
|
||||
<button class="input__button manage__user__button" type="reset">Reset</button>
|
||||
</div>
|
||||
{% endif %}
|
||||
</form>
|
||||
<div class="manage__user__buttons">
|
||||
<button class="input__button manage__user__button">Save</button>
|
||||
<button class="input__button manage__user__button" type="reset">Reset</button>
|
||||
</div>
|
||||
{% endif %}
|
||||
</form>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
Loading…
Reference in a new issue