relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment.
This commit is contained in:
zotlabs
parent
85ccfb4bbc
commit
a2e0706d55
@ -6,16 +6,9 @@ class Design_tools {
|
|||||||
|
|
||||||
function widget($arr) {
|
function widget($arr) {
|
||||||
|
|
||||||
// mod menu doesn't load a profile. For any modules which load a profile, check it.
|
if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
|
||||||
// otherwise local_channel() is sufficient for permissions.
|
|
||||||
|
|
||||||
if(\App::$profile['profile_uid'])
|
|
||||||
if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
|
|
||||||
return '';
|
|
||||||
|
|
||||||
if(! local_channel())
|
|
||||||
return '';
|
|
||||||
|
|
||||||
return design_tools();
|
return design_tools();
|
||||||
|
|
||||||
|
return EMPTY_STR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2404,7 +2404,7 @@ function jindent($json) {
|
|||||||
*/
|
*/
|
||||||
function design_tools() {
|
function design_tools() {
|
||||||
|
|
||||||
$channel = App::get_channel();
|
$channel = channelx_by_n(App::$profile['profile_uid']);
|
||||||
$sys = false;
|
$sys = false;
|
||||||
|
|
||||||
if(App::$is_sys && is_site_admin()) {
|
if(App::$is_sys && is_site_admin()) {
|
||||||
|
|||||||
Reference in New Issue
Block a user