relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment.
This commit is contained in:
zotlabs
parent
85ccfb4bbc
commit
a2e0706d55
@ -6,16 +6,9 @@ class Design_tools {
|
||||
|
||||
function widget($arr) {
|
||||
|
||||
// mod menu doesn't load a profile. For any modules which load a profile, check it.
|
||||
// otherwise local_channel() is sufficient for permissions.
|
||||
if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
|
||||
return design_tools();
|
||||
|
||||
if(\App::$profile['profile_uid'])
|
||||
if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
|
||||
return '';
|
||||
|
||||
if(! local_channel())
|
||||
return '';
|
||||
|
||||
return design_tools();
|
||||
return EMPTY_STR;
|
||||
}
|
||||
}
|
||||
@ -2404,7 +2404,7 @@ function jindent($json) {
|
||||
*/
|
||||
function design_tools() {
|
||||
|
||||
$channel = App::get_channel();
|
||||
$channel = channelx_by_n(App::$profile['profile_uid']);
|
||||
$sys = false;
|
||||
|
||||
if(App::$is_sys && is_site_admin()) {
|
||||
|
||||
Reference in New Issue
Block a user