tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#11791 Prevent any user from changing another user's notification settings

This commit is contained in:
miguel angel rasteu 2023-09-04 12:50:23 +02:00
parent 2caa760634
commit e31a38b08b
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/include/functions_notifications.php
View File

@ -653,7 +653,14 @@ function notifications_get_user_label_status($source, $user, $label)
*/
function notifications_set_user_label_status($source, $user, $label, $value)
{
global $config;
if ((bool) check_acl($config['id_user'], 0, 'PM') === false && $config['id_user'] !== $user) {
return false;
}
$source_info = notifications_get_all_sources(['id' => $source]);
if (!isset($source_info[0])
|| !$source_info[0]['enabled']
|| !$source_info[0]['user_editable']