fix(users): remove required roles input when editing user + prevent owner's roles from being edited

fixes #239
2026-04-12 03:06:43 +02:00 · 2022-09-07 09:33:10 +00:00 · 2022-09-07 09:33:10 +00:00 · 1c8af7550b
commit 1c8af7550b
parent 7512e2ed1f
5 changed files with 34 additions and 5 deletions
--- a/modules/Admin/Controllers/UserController.php
+++ b/modules/Admin/Controllers/UserController.php
@ -143,6 +143,17 @@ class UserController extends BaseController
        $authorize = Services::authorization();

        $roles = $this->request->getPost('roles');
+
+        if ($this->user->isOwner) {
+            return redirect()
+                ->back()
+                ->with('errors', [
+                    lang('User.messages.editOwnerError', [
+                        'username' => $this->user->username,
+                    ]),
+                ]);
+        }
+
        $authorize->setUserGroups($this->user->id, $roles ?? []);

        // Success!