diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2011-05-18 14:40:51 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2011-05-18 14:40:51 +0000 |
| commit | c3f69dfabcd92915e4649123b83957bafe49b3a0 (patch) | |
| tree | 4fa46e86de3ed7f5eb51c909c161b7b8d024eac3 /app | |
| parent | 5fafa6aad121b9bdd329a3195079b619d24c25e5 (diff) | |
| download | acf-core-c3f69dfabcd92915e4649123b83957bafe49b3a0.tar.bz2 acf-core-c3f69dfabcd92915e4649123b83957bafe49b3a0.tar.xz | |
Restrict options for home in editme action
Diffstat (limited to 'app')
| -rw-r--r-- | app/acf-util/password-controller.lua | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua index 8260d82..19362ea 100644 --- a/app/acf-util/password-controller.lua +++ b/app/acf-util/password-controller.lua @@ -1,5 +1,6 @@ module(..., package.seeall) require("controllerfunctions") +require("roles") default_action = "editme" @@ -12,9 +13,15 @@ function editme(self) self.clientdata.userid = self.sessiondata.userinfo.userid return controllerfunctions.handle_form(self, function() local value = self.model.read_user(self, self.sessiondata.userinfo.userid) - -- We don't allow a user to modify his own roles or dnsfiles + -- We don't allow a user to modify his own roles + -- Since they can't modify roles, we should restrict the available options for home + value.value.home.option = {""} + local tmp1, tmp2 = roles.get_roles_perm(self, value.value.roles.value) + table.sort(tmp2) + for i,h in ipairs(tmp2) do + value.value.home.option[#value.value.home.option+1] = h + end value.value.roles = nil - value.value.dnsfiles = nil return value end, function(value) -- If password and password_confirm are blank, don't set them |