diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-10 13:24:44 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-10 17:16:22 +0000 |
| commit | d5641749504a8eb9295f95bac412cb3737256476 (patch) | |
| tree | 7b5536582e9efe20aaf1e319947150bc3ff6b384 /perllib/FixMyStreet/App/Controller/Admin.pm | |
| parent | dbed1557237be7a6a6ac31566b06b8ad24e2282c (diff) | |
Update has_body_permission_to to allow superusers.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm index 592d37d4e..d8c5cdf6d 100644 --- a/perllib/FixMyStreet/App/Controller/Admin.pm +++ b/perllib/FixMyStreet/App/Controller/Admin.pm @@ -1006,10 +1006,9 @@ sub load_template_body : Private { my ($self, $c, $body_id) = @_; my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich'; - my $has_permission = $c->user->has_body_permission_to('template_edit') && - $c->user->from_body->id eq $body_id; + my $has_permission = $c->user->has_body_permission_to('template_edit', $body_id); - unless ( $c->user->is_superuser || $zurich_user || $has_permission ) { + unless ( $zurich_user || $has_permission ) { $c->detach( '/page_error_404_not_found', [] ); } @@ -1235,7 +1234,7 @@ sub user_edit : Path('user_edit') : Args(1) { my $user = $c->cobrand->users->find( { id => $id } ); $c->detach( '/page_error_404_not_found', [] ) unless $user; - unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) { + unless ( $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) { $c->detach('/page_error_403_access_denied', []); } |