Skip to content

Enforce explicit actor-target checks for profile/password updates#910

Merged
giuscris merged 1 commit into
2.xfrom
refactor/explicit-user-update-checks
Jun 27, 2026
Merged

Enforce explicit actor-target checks for profile/password updates#910
giuscris merged 1 commit into
2.xfrom
refactor/explicit-user-update-checks

Conversation

@giuscris

Copy link
Copy Markdown
Member

This pull request updates user permission logic in the User class to improve security and ensure users can only perform sensitive actions on their own accounts or, for admins, on other users. The changes focus on refining checks for deleting users, changing options, passwords, and roles.

Permission logic updates:

  • Changed canDeleteUser and canChangeRoleOf to allow admins to act only on other users, not themselves.
  • Updated canChangeOptionsOf and canChangePasswordOf to allow users to modify only their own options or password, unless they are admins (who can modify any user’s options).

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens permission checks in Formwork\Users\User by switching from session-derived “logged in” checks to explicit actor-vs-target comparisons, ensuring sensitive actions are only allowed for the correct user (or admins, where applicable).

Changes:

  • Updated delete/role-change permissions to allow admins to act only on other users (not themselves).
  • Updated options/password permissions to allow only self-service changes (with admins allowed to edit any user’s options).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread formwork/src/Users/User.php
@giuscris giuscris merged commit 920bcdf into 2.x Jun 27, 2026
2 checks passed
@giuscris giuscris deleted the refactor/explicit-user-update-checks branch June 27, 2026 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants