nonshy/website
nonshy/website
1
0
Fork 0
Code Issues 20 Pull Requests 1 Packages Projects Releases Wiki Activity

Admin: don't search for banned users without the scope

Browse Source 
An admin must have the admin.user.ban scope in order to search for
banned or disabled users in the member directory.
This commit is contained in:
Noah Petherbridge 2024-05-11 14:10:59 -07:00
parent 7c7d3a11e5
commit ed008a99e6
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/models/user.go
View File

@ -366,7 +366,7 @@ func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, er
// Only admin user can show disabled/banned users. // Only admin user can show disabled/banned users.
var statuses = []string{} var statuses = []string{}
if user.IsAdmin { if user.HasAdminScope(config.ScopeUserBan) {
if search.IsBanned { if search.IsBanned {
statuses = append(statuses, UserStatusBanned) statuses = append(statuses, UserStatusBanned)
} }

2
web/templates/account/search.html
View File

@ -101,7 +101,7 @@
{{end}} {{end}}
<option value="admin"{{if eq $Root.Certified "admin"}} selected{{end}}>Website administrators</option> <option value="admin"{{if eq $Root.Certified "admin"}} selected{{end}}>Website administrators</option>
</optgroup> </optgroup>
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.user.ban"}}
<optgroup label="Admin Options"> <optgroup label="Admin Options">
<option value="banned"{{if eq $Root.Certified "banned"}} selected{{end}}>☮ Banned</option> <option value="banned"{{if eq $Root.Certified "banned"}} selected{{end}}>☮ Banned</option>
<option value="disabled"{{if eq $Root.Certified "disabled"}} selected{{end}}>☮ Disabled</option> <option value="disabled"{{if eq $Root.Certified "disabled"}} selected{{end}}>☮ Disabled</option>