Don't use current user permission, when we check accessibility to unblock_invitees configuration for plugin

Created on 8 September 2022, over 2 years ago

Updated 7 April 2023, about 2 years ago

Problem/Motivation

Currently we disable field unblock_invitees based on permissions of the current user and set it to 0 if user doesn't have.
It means the current user without "administer account settings" could override current settings.

Proposed resolution

This field should not be updated if user doesn't have permission "administer account settings"

🐛 Bug report

Status

Fixed

Version

2.1

Component

Code

Created by

🇧🇪Belgium lobsterr

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 2 years ago →
System Message

LOBsTerr → committed 038adea4 on 2.x
Issue #3308732 by LOBsTerr: Don't use current user permission, when we...
Comment about 2 years ago →
🇧🇪Belgium lobsterr
Comment about 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024