tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-11791-any-user-can-change-any-other-user-s-notification-settings' into 'develop' 

Ent 11791 any user can change any other user s notification settings

See merge request artica/pandorafms!6400
This commit is contained in:
Rafael Ameijeiras 2023-11-27 11:19:14 +00:00
parent 0f1519aed3 748238a7ea
commit d6e613ca8b
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/include/ajax/notifications.ajax.php
View File

@ -38,6 +38,10 @@ if ($change_label === '1') {
$source = get_parameter('source', 0);
$user = get_parameter('user', '');
$value = get_parameter('value', 0) ? 1 : 0;
$user_info = get_user_info($config['id_user']);
if ((bool) $user_info['is_admin'] === false && $config['id_user'] !== $user) {
return false;
}
// Update the label value.
ob_clean();

8
pandora_console/include/functions_notifications.php
View File

@ -659,7 +659,15 @@ function notifications_get_user_label_status($source, $user, $label)
*/
function notifications_set_user_label_status($source, $user, $label, $value)
{
global $config;
$user_info = get_user_info($config['id_user']);
if ((bool) $user_info['is_admin'] === false && $config['id_user'] !== $user) {
return false;
}
$source_info = notifications_get_all_sources(['id' => $source]);
if (!isset($source_info[0])
|| !$source_info[0]['enabled']
|| !$source_info[0]['user_editable']