Merge pull request #5508 from Zoey2936/fix-5441

Fix bug that allowed any authenticated user to modify their own roles field through the PUT
jc21
2026-05-14 10:23:31 +10:00
committed by GitHub
+7 -1
@@ -87,7 +87,13 @@ const internalUser = {
}
return access
.can("users:update", data.id)
.can("users:permissions", data.id)
.catch(() => {
delete data.roles;
})
.then(() => {
return access.can("users:update", data.id);
})
.then(() => {
// Make sure that the user being updated doesn't change their email to another user that is already using it
// 1. get user we want to update
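Review bot: The `.catch(() => { delete data.roles; })` after `access.can("users:permissions", data.id)` treats every rejection alike, so a failure unrelated to authorisation (inferred: any error raised inside `access.can`) is handled as "not allowed" and the update proceeds with `roles` silently dropped. Dropping the field fails closed, which is the right direction, but the caller gets a success response for a role change that never happened and nothing in the hunk records the attempt. Consider running the `users:permissions` check only when `data.roles` is defined, restricting the handler to the permission-denied error, and logging or rejecting when a caller without that permission supplies `roles`. A short comment such as `// Callers without users:permissions may not change roles; drop the field instead of failing the whole update` would make the intent of the empty-looking catch clear. The promise chain starts above the hunk and continues past it, so whether other privilege-bearing fields in `data` need the same treatment cannot be judged from here.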