allow get param if no post

LimeSurvey · Nov 6, 2017 · b1190ab · b1190ab
1 parent 89b6f19
commit b1190ab
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/application/controllers/admin/useraction.php b/application/controllers/admin/useraction.php
@@ -487,7 +487,9 @@ public function savepermissions()
     public function setuserpermissions()
     {
         $iUserID = (int) Yii::app()->request->getPost('uid');
-        $aBaseUserPermissions = Permission::model()->getGlobalBasePermissions();
+        if(!$iUserID){
+            $iUserID = Yii::app()->request->getParam('uid');
+        }
         if ($iUserID) {
             //Only super admin (read) can update other user
             if(Permission::model()->hasGlobalPermission('superadmin','read')) {
@@ -554,6 +556,9 @@ public function setusertemplates()
         App()->getClientScript()->registerPackage('jquery-tablesorter');
         App()->getClientScript()->registerScriptFile( App()->getConfig('adminscripts') . 'users.js');
         $postuserid = (int) Yii::app()->request->getPost("uid");
+        if(!$postuserid){
+            $postuserid = Yii::app()->request->getParam('uid');
+        }
         $oUser = User::model()->findByAttributes(array('uid' => $postuserid));
         if(!$oUser) {
             // @todo : review to send a 403

diff --git a/tests/data/views/adminUsersViews.php b/tests/data/views/adminUsersViews.php
@@ -10,4 +10,8 @@
 
     ['usersIndex', ['route'=>'user/sa/index']],
     ['modifyUser', ['route'=>'user/sa/modifyuser/uid/{UID}']],
+
+    // needs POST implementation
+    //['modifyUser', ['route'=>'user/sa/setuserpermissions/uid/']],
+    setusertemplates
 ];