Make sure only admins can change password of other users

author: Frederic Guillot <fred@kanboard.net> 2017-08-11 21:24:29 -0700
committer: Frederic Guillot <fred@kanboard.net> 2017-08-11 21:24:29 -0700
commit: 88dd6abbf3f519897f2f6280e95c9eec9123a4ae (patch)
tree: 0fecfbbf0facc5bd8bad5fd3fbb1b15844d26c56 /app/Controller
parent: 7a6b1bc3da0af442e02b5a2dc430a4ded8e7c4ee (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 23e7edba..ae52a13c 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -43,6 +43,10 @@ class UserCredentialController extends BaseController
 
         list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
 
+        if (! $this->userSession->isAdmin()) {
+            $values['id'] = $this->userSession->getId();
+        }
+
         if ($valid) {
             if ($this->userModel->update($values)) {
                 $this->flash->success(t('Password modified successfully.'));
author	Frederic Guillot <fred@kanboard.net>	2017-08-11 21:24:29 -0700
committer	Frederic Guillot <fred@kanboard.net>	2017-08-11 21:24:29 -0700
commit	88dd6abbf3f519897f2f6280e95c9eec9123a4ae (patch)
tree	0fecfbbf0facc5bd8bad5fd3fbb1b15844d26c56 /app/Controller
parent	7a6b1bc3da0af442e02b5a2dc430a4ded8e7c4ee (diff)