relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment.

This commit is contained in:
zotlabs 2018-04-18 17:26:05 -07:00
parent 85ccfb4bbc
commit a2e0706d55
2 changed files with 4 additions and 11 deletions

View File

@ -6,16 +6,9 @@ class Design_tools {
function widget($arr) {
// mod menu doesn't load a profile. For any modules which load a profile, check it.
// otherwise local_channel() is sufficient for permissions.
if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
return design_tools();
if(\App::$profile['profile_uid'])
if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
return '';
if(! local_channel())
return '';
return design_tools();
return EMPTY_STR;
}
}

View File

@ -2404,7 +2404,7 @@ function jindent($json) {
*/
function design_tools() {
$channel = App::get_channel();
$channel = channelx_by_n(App::$profile['profile_uid']);
$sys = false;
if(App::$is_sys && is_site_admin()) {