fixed so moderator can't edit or delete administrators in the same group, fixed so delete button actually works
parent
39824efb1d
commit
0863dbb175
3 changed files with 4 additions and 6 deletions
|
@ -37,7 +37,7 @@ class UserPolicy
|
|||
|
||||
public function update(User $user, User $user2)
|
||||
{
|
||||
if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $user2->group_id)) {
|
||||
if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $user2->group_id AND !$user2->isAdministrator())) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
@ -45,7 +45,7 @@ class UserPolicy
|
|||
|
||||
public function delete(User $user, User $user2)
|
||||
{
|
||||
if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $user2->group_id) || $user === $user2) {
|
||||
if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $user2->group_id AND !$user2->isAdministrator()) || $user === $user2) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
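Review bot: The self-delete branch in `delete` uses `$user === $user2`, which in PHP compares object identity, so it is likely false whenever the target is a separately loaded model of the same account; `$user->is($user2)` compares the underlying record instead. On the moderator branch, `$user->group_id === $user2->group_id` also holds when both values are null, so if `group_id` is nullable a moderator without a group would match every ungrouped non-administrator; adding `$user->group_id !== null AND` to that branch would close it. The same moderator condition is now written out in both `update` and `delete`, and this fix had to touch each copy, so a private helper such as `canModerate(User $user, User $user2)` would keep the two rules from drifting. The closing braces of both methods fall outside the visible hunks.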
|
|
|
@ -1,9 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Be right back.</title>
|
||||
|
||||
<link href="https://fonts.googleapis.com/css?family=Lato:100" rel="stylesheet" type="text/css">
|
||||
<title>Sorry.</title>
|
||||
|
||||
<style>
|
||||
html, body {
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
<form method="POST" class="">
|
||||
{{ csrf_field() }}
|
||||
{{ method_field('DELETE') }}
|
||||
<button type="button" id="modal-button-delete" class="btn btn-danger" formaction="/{{ Auth::user()->getAdminPath() }}/">Yes</button>
|
||||
<button id="modal-button-delete" class="btn btn-danger" formaction="/{{ Auth::user()->getAdminPath() }}/">Yes</button>
|
||||
<button type="button" class="btn btn-default" data-dismiss="modal">No</button>
|
||||
</form>
|
||||
</div>
|
||||
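Review bot: The "Yes" button now submits only because it has no `type` attribute and falls back to the default; writing `type="submit"` states the intent, so a later cleanup does not put `type="button"` back. The `formaction` rendered here stops at `/{{ Auth::user()->getAdminPath() }}/`, so presumably a script appends the target before the click. If that script has not run, the spoofed DELETE now goes to the bare admin path, so it is worth confirming that route rejects it. The handler that receives this request is not in the hunk; confirm it enforces the `delete` policy itself, since hiding or showing the modal is not an access check.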
|
|