Admin: don't search for banned users without the scope
An admin must have the admin.user.ban scope in order to search for banned or disabled users in the member directory.
This commit is contained in:
parent
7c7d3a11e5
commit
ed008a99e6
|
@ -366,7 +366,7 @@ func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, er
|
|||
|
||||
// Only admin user can show disabled/banned users.
|
||||
var statuses = []string{}
|
||||
if user.IsAdmin {
|
||||
if user.HasAdminScope(config.ScopeUserBan) {
|
||||
if search.IsBanned {
|
||||
statuses = append(statuses, UserStatusBanned)
|
||||
}
|
||||
|
|
|
@ -101,7 +101,7 @@
|
|||
{{end}}
|
||||
<option value="admin"{{if eq $Root.Certified "admin"}} selected{{end}}>Website administrators</option>
|
||||
</optgroup>
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "admin.user.ban"}}
|
||||
<optgroup label="Admin Options">
|
||||
<option value="banned"{{if eq $Root.Certified "banned"}} selected{{end}}>☮ Banned</option>
|
||||
<option value="disabled"{{if eq $Root.Certified "disabled"}} selected{{end}}>☮ Disabled</option>
|
||||
|
|
Loading…
Reference in New Issue
Block a user