diff options
| author | Eli Schwartz <eschwartz@archlinux.org> | 2019-08-18 09:17:05 +0200 |
|---|---|---|
| committer | Eli Schwartz <eschwartz@archlinux.org> | 2019-08-18 19:01:37 +0200 |
| commit | 3ac958ac0167d1c1989fc09e893a578e8a22f21f (patch) | |
| tree | 0529a7543d0ec453d04447038c219dd57cece732 /web/template | |
| parent | 7f008b0bc4610dad15c6dfaaf724d4d5bad84c55 (diff) | |
| download | aur-3ac958ac0167d1c1989fc09e893a578e8a22f21f.tar.gz aur-3ac958ac0167d1c1989fc09e893a578e8a22f21f.tar.xz | |
Move permission for LIST_COMMENTS to dev/tu block
In commit 3578e77ad4e9258495eed7e786b7dc3aebcf1b63 we implemented
listing of comments from the account details page , but this was
intended to only be available to TUs and Devs. As the comment says:
"display the comment list if they're a TU/dev"
The credential checking code, however, set this credential for all
users, contrary to the intention of the commit.
In order to preserve the ability to list a person's own comments, also
declare the allowed uids based on the profile being viewed.
Diffstat (limited to 'web/template')
| -rw-r--r-- | web/template/account_details.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/account_details.php b/web/template/account_details.php index fa6b528c..84f8b9c5 100644 --- a/web/template/account_details.php +++ b/web/template/account_details.php @@ -82,7 +82,7 @@ <?php if (can_edit_account($row)): ?> <li><a href="<?= get_user_uri($row['Username']); ?>edit"><?= __("Edit this user's account") ?></a></li> <?php endif; ?> - <?php if (has_credential(CRED_ACCOUNT_LIST_COMMENTS)): ?> + <?php if (has_credential(CRED_ACCOUNT_LIST_COMMENTS, array($row['ID']))): ?> <li><a href="<?= get_user_uri($row['Username']); ?>comments"><?= __("List this user's comments") ?></a></li> <?php endif; ?> </ul></td> |