PxlLoewe/var-monorepo
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Security Fixes

Browse Source
This commit is contained in:
PxlLoewe
2025-12-15 02:55:44 +01:00
parent 483b5eba46
commit 434154e26d
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
apps/hub/app/(app)/admin/user/[id]/_components/forms.tsx
View File

@@ -76,6 +76,20 @@ export const ProfileForm: React.FC<ProfileFormProps> = ({ user }: ProfileFormPro
className="card-body" className="card-body"
onSubmit={form.handleSubmit(async (values) => { onSubmit={form.handleSubmit(async (values) => {
if (!values.id) return; if (!values.id) return;
if (values.id === session.data?.user.id && values.permissions !== user.permissions){
toast.error("Du kannst deine eigenen Berechtigungen nicht ändern.");
return;
}
if ( values.permissions?.some((perm) => !session.data?.user.permissions.includes(perm)) ){
toast.error("Du kannst Berechtigungen nicht hinzufügen, die du selbst nicht besitzt.");
return;
}
const removedPermissions = user.permissions?.filter((perm) => !values.permissions?.includes(perm)) || [];
if ( removedPermissions.some((perm) => !session.data?.user.permissions.includes(perm)) ){
toast.error("Du kannst Berechtigungen nicht entfernen, die du selbst nicht besitzt.");
return;
}
await editUser(values.id, { await editUser(values.id, {
...values, ...values,
email: values.email.toLowerCase(), email: values.email.toLowerCase(),