use consistent authorization method

sbwalker 2025-05-16 12:11:03 -04:00
parent fe9f189734
commit a437082952


@ -205,8 +205,8 @@ namespace Oqtane.Controllers
if (ModelState.IsValid && user.SiteId == _tenantManager.GetAlias().SiteId && user.UserId == id && existing != null
&& (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || User.Identity.Name == user.Username))
{
// only administrators can update the email confirmation
if (!User.IsInRole(RoleNames.Admin))
// only authorized users can update the email confirmation
if (!_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin))
{
user.EmailConfirmed = existing.EmailConfirmed;
}
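Review bot: The self-service half of the outer condition still compares `User.Identity.Name` with `user.Username`, and `user` appears to be the model bound from the request (it is the object `ModelState` validates), so that branch relies on a caller-supplied value rather than on the stored record. Since `existing` is already null-checked in the same condition, binding the comparison to it, `User.Identity.Name == existing.Username`, would tie the check to the persisted identity; how `existing` is loaded is outside the hunk, so confirm it is fetched by `id`. The same `_userPermissions.IsAuthorized(...)` call now appears twice with identical arguments; evaluating it once into a local such as `bool canManageUsers = _userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin);` and reusing it in both places would keep the two checks from drifting apart again. Only `EmailConfirmed` is visibly pinned to the stored value for non-privileged callers here; the method continues outside the hunk, so it is worth checking that any other server-controlled fields on `user` are reset the same way.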