AccountController: Prohibit password changes for users with `no-user/password-change`

This commit is contained in:
Johannes Meyer 2019-12-05 09:13:34 +01:00
parent 7ae3f187bd
commit 67cc81e49f
1 changed files with 13 additions and 11 deletions

View File

@ -43,17 +43,19 @@ class AccountController extends Controller
$config = Config::app()->getSection('global');
$user = $this->Auth()->getUser();
if ($user->getAdditional('backend_type') === 'db') {
try {
$userBackend = UserBackend::create($user->getAdditional('backend_name'));
} catch (ConfigurationError $e) {
$userBackend = null;
}
if ($userBackend !== null) {
$changePasswordForm = new ChangePasswordForm();
$changePasswordForm
->setBackend($userBackend)
->handleRequest();
$this->view->changePasswordForm = $changePasswordForm;
if ($user->can('*') || ! $user->can('no-user/password-change')) {
try {
$userBackend = UserBackend::create($user->getAdditional('backend_name'));
} catch (ConfigurationError $e) {
$userBackend = null;
}
if ($userBackend !== null) {
$changePasswordForm = new ChangePasswordForm();
$changePasswordForm
->setBackend($userBackend)
->handleRequest();
$this->view->changePasswordForm = $changePasswordForm;
}
}
}