LimeSurvey: master a2eece78

Diff Back to Repository
Author Committer Branch Timestamp Parent
Gabriel Jenik GitHub master 2023-06-26 15:47 master 5ff86506
Changeset

Fixed issue #18356: [security] User with only user update allowed can set/remove any role to any user (#2625)

  • Fix part of #18355: make sure a user can only assign permissions to it's own child users

Co-authored-by: encuestabizdevgit devgit@encuesta.biz
Co-authored-by: lapiudevgit devgit@lapiu.biz
mod - application/controllers/UserManagementController.php Diff File
mod - application/models/User.php Diff File
add - application/models/services/UserManager.php Diff File
mod - application/views/userManagement/partial/addrole.php Diff File
mod - application/views/userManagement/partial/editpermissions.php Diff File