From f2abbd0e8f134a4e33e5108866a494e307cf6953 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 30 Jun 2015 22:10:23 -0700 Subject: [PATCH] Deny editing users on demo --- app/controllers/admin/UsersController.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/app/controllers/admin/UsersController.php b/app/controllers/admin/UsersController.php index 44252d67af..5f510b0216 100755 --- a/app/controllers/admin/UsersController.php +++ b/app/controllers/admin/UsersController.php @@ -245,6 +245,11 @@ class UsersController extends AdminController $this->decodePermissions($permissions); app('request')->request->set('permissions', $permissions); + // Only update the email address if locking is set to false + if (Config::get('app.lock_passwords')) { + return Redirect::route('users')->with('error', 'Denied! You cannot update user information on the demo.'); + } + try { // Get the user information $user = Sentry::getUserProvider()->findById($id); @@ -277,11 +282,6 @@ class UsersController extends AdminController return Redirect::back()->withInput()->withErrors($validator); } - // Only update the email address if locking is set to false - if (!Config::get('app.lock_passwords')) { - $user->email = Input::get('email'); - } - try { // Update the user $user->first_name = Input::get('first_name'); @@ -325,7 +325,6 @@ class UsersController extends AdminController // Assign the user to groups foreach ($groupsToAdd as $groupId) { $group = Sentry::getGroupProvider()->findById($groupId); - $user->addGroup($group); }