|
10 | 10 | using Umbraco.Core.Logging;
|
11 | 11 | using umbraco.BasePages;
|
12 | 12 | using umbraco.BusinessLogic;
|
| 13 | +using umbraco.businesslogic.Exceptions; |
13 | 14 | using umbraco.cms.businesslogic.media;
|
14 | 15 | using umbraco.cms.businesslogic.propertytype;
|
15 | 16 | using umbraco.cms.businesslogic.web;
|
@@ -64,20 +65,27 @@ public EditUser()
|
64 | 65 |
|
65 | 66 | protected void Page_Load(object sender, EventArgs e)
|
66 | 67 | {
|
| 68 | + //if the current user is not an admin they cannot edit a user at all |
| 69 | + if (CurrentUser.IsAdmin() == false) |
| 70 | + { |
| 71 | + throw new UserAuthorizationException("Access denied"); |
| 72 | + } |
67 | 73 |
|
68 | 74 | int UID = int.Parse(Request.QueryString["id"]);
|
69 | 75 | u = BusinessLogic.User.GetUser(UID);
|
70 | 76 |
|
71 |
| - // do initial check for edit rights |
| 77 | + //the true admin can only edit the true admin |
72 | 78 | if (u.Id == 0 && CurrentUser.Id != 0)
|
73 | 79 | {
|
74 | 80 | throw new Exception("Only the root user can edit the 'root' user (id:0)");
|
75 | 81 | }
|
76 |
| - else if (u.IsAdmin() && !CurrentUser.IsAdmin()) |
| 82 | + |
| 83 | + //only another admin can edit another admin (who is not the true admin) |
| 84 | + if (u.IsAdmin() && CurrentUser.IsAdmin() == false) |
77 | 85 | {
|
78 | 86 | throw new Exception("Admin users can only be edited by admins");
|
79 | 87 | }
|
80 |
| - |
| 88 | + |
81 | 89 | // check if canvas editing is enabled
|
82 | 90 | DefaultToLiveEditing.Visible = UmbracoSettings.EnableCanvasEditing;
|
83 | 91 |
|
@@ -351,6 +359,8 @@ private void setupForm()
|
351 | 359 |
|
352 | 360 | protected override void OnInit(EventArgs e)
|
353 | 361 | {
|
| 362 | + base.OnInit(e); |
| 363 | + |
354 | 364 | //lapps.SelectionMode = ListSelectionMode.Multiple;
|
355 | 365 | lapps.RepeatLayout = RepeatLayout.Flow;
|
356 | 366 | lapps.RepeatDirection = RepeatDirection.Vertical;
|
|
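Review bot: In the Page_Load hunk, the new guard at the top rejects every non-admin, so the later condition `u.IsAdmin() && CurrentUser.IsAdmin() == false` can no longer be true and its branch is dead; either remove it or mark it as deliberate defence in depth. The two older checks still throw plain `Exception` while the new one throws `UserAuthorizationException`, so the same kind of authorization failure may be reported differently by whatever handles these upstream; `throw new UserAuthorizationException("Only the root user can edit the 'root' user (id:0)");` (and likewise for the admin message) would keep them consistent. The added comment `//the true admin can only edit the true admin` reads backwards against the condition `u.Id == 0 && CurrentUser.Id != 0`, which enforces that only the root user may edit the root user; I would write `//only the true admin (id 0) can edit the true admin`. Page_Load continues past the end of the hunk, so anything it does after line 91 is not covered by this note.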