diff --git a/app/controllers/admin/UsersController.php b/app/controllers/admin/UsersController.php
index b5551a0be3..86c5f0da11 100755
--- a/app/controllers/admin/UsersController.php
+++ b/app/controllers/admin/UsersController.php
@@ -377,7 +377,9 @@ class UsersController extends AdminController {
 $user->email = Input::get('email');
 $user->employee_num = Input::get('employee_num');
 $user->activated = Input::get('activated', $user->activated);
- $user->permissions = Input::get('permissions');
+ if (Sentry::getUser()->hasAccess('superuser')) {
+ $user->permissions = Input::get('permissions');
+ }
 $user->jobtitle = Input::get('jobtitle');
 $user->phone = Input::get('phone');
 $user->location_id = Input::get('location_id');
diff --git a/app/views/backend/users/edit.blade.php b/app/views/backend/users/edit.blade.php
index aad78e4296..d140278b8b 100755
--- a/app/views/backend/users/edit.blade.php
+++ b/app/views/backend/users/edit.blade.php
@@ -14,6 +14,14 @@ {{-- Page content --}} @section('content') + + +
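Review bot: The new `hasAccess('superuser')` guard in UsersController.php covers only the direct `permissions` assignment on this update path, so every other route to the same rights needs an equivalent check. The enclosing method starts and ends outside the hunk, so it is not visible whether group membership is also taken from input here, or whether the create action still assigns `Input::get('permissions')` unguarded; both are worth confirming. The visible context lines still set `$user->email` and `$user->activated` for any target account, including an existing superuser, so consider rejecting the whole edit when the editor is not a superuser and the target is, for example `if (!Sentry::getUser()->hasAccess('superuser') && $user->hasAccess('superuser')) { /* return the controller's usual error redirect */ }` (assuming `$user` is a Sentry user object). A comment above the guard such as `// Permissions are superuser-only; a 'permissions' value submitted by any other admin is ignored.` would make the silent drop explicit, and logging the ignored attempt would help detection.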
@lang('admin/users/table.lock_passwords')
- @endif + id)) ? ' disabled' : '') }} autocomplete="false" readonly onfocus="this.removeAttribute('readonly');"> + @if (Config::get('app.lock_passwords') && ($user->id)) +@lang('admin/users/table.lock_passwords')
+ @endif {{ $errors->first('username', '@lang('admin/users/table.lock_passwords')
- @endif +@lang('admin/users/table.lock_passwords')
+ @endif + + @if ((($user->id!='')) && (!Sentry::getUser()->hasAccess('superuser'))) +Only superadmins may edit a user's permissions.
+ @endif @foreach ($permissions as $area => $permissions)