Upgrade to 3.2.1
@@ -81,7 +81,7 @@ class App
|
||||
public function __construct(array $props = [])
|
||||
{
|
||||
// the kirby folder directory
|
||||
static::$root = dirname(dirname(__DIR__));
|
||||
static::$root = dirname(__DIR__, 2);
|
||||
|
||||
// register all roots to be able to load stuff afterwards
|
||||
$this->bakeRoots($props['roots'] ?? []);
|
||||
|
@@ -873,7 +873,7 @@ class User extends ModelWithContent
|
||||
}
|
||||
|
||||
if (password_verify($password, $this->password()) !== true) {
|
||||
throw new InvalidArgumentException(['key' => 'user.password.invalid']);
|
||||
throw new InvalidArgumentException(['key' => 'user.password.notSame']);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@@ -25,6 +25,11 @@ class UserPermissions extends ModelPermissions
|
||||
|
||||
protected function canChangeRole(): bool
|
||||
{
|
||||
// users who are not admins cannot change their own role
|
||||
if ($this->user->is($this->model) === true && $this->user->isAdmin() === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->model->isLastAdmin() !== true;
|
||||
}
|
||||
|
||||
|
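Review bot: The new guard in `canChangeRole()` returns false only when the acting user is the model itself, so a non-admin looking at another account still gets `true` unless that account is the last admin. `UserRules::changeRole()` in this same commit rejects every non-admin, so unless another permission layer outside this hunk covers the case, the two disagree and the interface can offer an action the rule then refuses. Consider aligning the two with `if ($this->user->isAdmin() === false) { return false; }`, or add a comment saying where role changes on other accounts are restricted.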
@@ -70,6 +70,13 @@ class UserRules
|
||||
|
||||
public static function changeRole(User $user, string $role): bool
|
||||
{
|
||||
if ($user->kirby()->user()->isAdmin() === false) {
|
||||
throw new PermissionException([
|
||||
'key' => 'user.changeRole.permission',
|
||||
'data' => ['name' => $user->username()]
|
||||
]);
|
||||
}
|
||||
|
||||
static::validRole($user, $role);
|
||||
|
||||
if ($role !== 'admin' && $user->isLastAdmin() === true) {
|
||||
@@ -95,6 +102,15 @@ class UserRules
|
||||
static::validEmail($user, $user->email(), true);
|
||||
static::validLanguage($user, $user->language());
|
||||
|
||||
// only admins are allowed to add admins
|
||||
$role = $props['role'] ?? null;
|
||||
|
||||
if ($role === 'admin' && $user->kirby()->user()->isAdmin() === false) {
|
||||
throw new PermissionException([
|
||||
'key' => 'user.create.permission'
|
||||
]);
|
||||
}
|
||||
|
||||
if (empty($props['password']) === false) {
|
||||
static::validPassword($user, $props['password']);
|
||||
}
|
||||
|
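Review bot: Both added checks call `$user->kirby()->user()->isAdmin()` without handling the case where nobody is authenticated. If `kirby()->user()` can return null (not visible from these hunks; for example a first-user installation or a script without a session), `changeRole()` and `create()` would stop with a fatal error rather than a `PermissionException`. Fetch the current user once and handle its absence explicitly, e.g. `$current = $user->kirby()->user();` then `if ($current === null || $current->isAdmin() === false) {`, deciding deliberately whether `create()` should allow the no-user case for initial setup. The `create()` check also reads only `$props['role']`, so confirm that no default elsewhere assigns the admin role when that key is absent. Both function bodies continue outside the hunks.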
@@ -662,10 +662,10 @@ class Query
|
||||
|
||||
if ($this->debug) {
|
||||
return [
|
||||
'query' => $sql['query'],
|
||||
'bindings' => $this->bindings(),
|
||||
'options' => $params
|
||||
];
|
||||
'query' => $sql['query'],
|
||||
'bindings' => $this->bindings(),
|
||||
'options' => $params
|
||||
];
|
||||
}
|
||||
|
||||
if ($this->fail) {
|
||||
@@ -697,10 +697,10 @@ class Query
|
||||
|
||||
if ($this->debug === true) {
|
||||
return [
|
||||
'query' => $sql['query'],
|
||||
'bindings' => $sql['bindings'],
|
||||
'options' => $params
|
||||
];
|
||||
'query' => $sql['query'],
|
||||
'bindings' => $sql['bindings'],
|
||||
'options' => $params
|
||||
];
|
||||
}
|
||||
|
||||
if ($this->fail) {
|
||||
|
@@ -110,7 +110,7 @@ class Html
|
||||
}
|
||||
|
||||
if (is_array($value) === true) {
|
||||
if (isset($value['value']) && isset($value['escape'])) {
|
||||
if (isset($value['value'], $value['escape'])) {
|
||||
$value = $value['escape'] === true ? htmlspecialchars($value['value'], ENT_QUOTES, 'UTF-8') : $value['value'];
|
||||
} else {
|
||||
$value = implode(' ', array_filter($value, function ($value) {
|
||||
|
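Review bot: The `escape` branch outputs `$value['value']` unescaped whenever `$value['escape']` is anything other than boolean `true`, so a caller passing `'escape' => 1` or `'true'` silently skips `htmlspecialchars()`. The merged `isset()` leaves that behaviour as it was. A comment on the ternary line would make the contract explicit, such as `// escape must be strictly true; any other value emits the attribute value raw, so the caller must supply already-safe text`. The enclosing method starts and ends outside the hunk.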