Admin: don't search for banned users without the scope

An admin must have the admin.user.ban scope in order to search for
banned or disabled users in the member directory.
This commit is contained in:
Noah Petherbridge 2024-05-11 14:10:59 -07:00
parent 7c7d3a11e5
commit ed008a99e6
2 changed files with 2 additions and 2 deletions

View File

@ -366,7 +366,7 @@ func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, er
// Only admin user can show disabled/banned users.
var statuses = []string{}
if user.IsAdmin {
if user.HasAdminScope(config.ScopeUserBan) {
if search.IsBanned {
statuses = append(statuses, UserStatusBanned)
}

View File

@ -101,7 +101,7 @@
{{end}}
<option value="admin"{{if eq $Root.Certified "admin"}} selected{{end}}>Website administrators</option>
</optgroup>
{{if .CurrentUser.IsAdmin}}
{{if .CurrentUser.HasAdminScope "admin.user.ban"}}
<optgroup label="Admin Options">
<option value="banned"{{if eq $Root.Certified "banned"}} selected{{end}}>☮ Banned</option>
<option value="disabled"{{if eq $Root.Certified "disabled"}} selected{{end}}>☮ Disabled</option>