Merge pull request #5320 from sbwalker/dev

use consistent authorization method
Shaun Walker 2025-05-16 12:11:16 -04:00 committed by GitHub
commit 338b0ae509
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -205,8 +205,8 @@ namespace Oqtane.Controllers
if (ModelState.IsValid && user.SiteId == _tenantManager.GetAlias().SiteId && user.UserId == id && existing != null if (ModelState.IsValid && user.SiteId == _tenantManager.GetAlias().SiteId && user.UserId == id && existing != null
&& (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || User.Identity.Name == user.Username)) && (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || User.Identity.Name == user.Username))
{ {
// only administrators can update the email confirmation // only authorized users can update the email confirmation
if (!User.IsInRole(RoleNames.Admin)) if (!_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin))
{ {
user.EmailConfirmed = existing.EmailConfirmed; user.EmailConfirmed = existing.EmailConfirmed;
} }
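Review bot: The self-service branch of the outer condition compares `User.Identity.Name` with `user.Username`, and `user` appears to be the model-bound request object (it sits behind `ModelState.IsValid`), so both the ownership test and the rewritten `EmailConfirmed` guard depend on a client-supplied value rather than on the stored record. Since `existing` is already null-checked earlier in the same condition, comparing against it would tie the check to the account actually being updated: `|| User.Identity.Name == existing.Username`. The identical `_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin)` call now appears twice; capturing its result in a local and reusing it for the guard would keep the two decisions from drifting apart again. How `existing` is loaded and what is persisted after the guard are outside this hunk, so the first point should be confirmed against the full method.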