SRSoftware/Umbrella
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Merge branch 'dev' into feature/document

Browse Source
This commit is contained in:
Stephan Richter
2025-07-09 00:36:43 +02:00
parent 5b5e6a9387 6427eec0a7
commit 878fd21436
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
user/src/main/java/de/srsoftware/umbrella/user/UserModule.java
View File

@@ -167,7 +167,7 @@ public class UserModule extends BaseHandler implements UserHelper {
long userId = Long.parseLong(head); long userId = Long.parseLong(head);
if (user.isEmpty()) return forbidden(ex); if (user.isEmpty()) return forbidden(ex);
if (!(user.get() instanceof DbUser dbUser)) return forbidden(ex); if (!(user.get() instanceof DbUser dbUser)) return forbidden(ex);
if (dbUser.id() == userId || dbUser.permissions().contains(LIST_USERS)) return forbidden(ex); if (!(dbUser.id() == userId || dbUser.permissions().contains(LIST_USERS))) return forbidden(ex);
return sendContent(ex,users.load(userId)); return sendContent(ex,users.load(userId));
} catch (UmbrellaException e) { } catch (UmbrellaException e) {
return send(ex,e); return send(ex,e);
@@ -195,7 +195,7 @@ public class UserModule extends BaseHandler implements UserHelper {
userId = Long.parseLong(head); userId = Long.parseLong(head);
DbUser editedUser = (DbUser) users.load(userId); DbUser editedUser = (DbUser) users.load(userId);
if (!(requestingUser.get() instanceof DbUser dbUser) || !dbUser.permissions().contains(UPDATE_USERS)) return sendContent(ex,HTTP_FORBIDDEN,"You are not allowed to update user "+editedUser.name()); if (!(requestingUser.get() instanceof DbUser dbUser) || !(dbUser.id() == userId || dbUser.permissions().contains(UPDATE_USERS))) return sendContent(ex,HTTP_FORBIDDEN,"You are not allowed to update user "+editedUser.name());
JSONObject json; JSONObject json;
try { try {