diff --git a/install/templates/step_php.php b/install/templates/step_php.php
index 6a51cce5c..b4ade5dc1 100755
--- a/install/templates/step_php.php
+++ b/install/templates/step_php.php
@@ -1,6 +1,6 @@
-
+
diff --git a/system/controllers/users/actions/profile_edit_password.php b/system/controllers/users/actions/profile_edit_password.php
index d36b1c131..2b7184e58 100755
--- a/system/controllers/users/actions/profile_edit_password.php
+++ b/system/controllers/users/actions/profile_edit_password.php
@@ -8,9 +8,14 @@ class actionUsersProfileEditPassword extends cmsAction {
public function run($profile) {
- // проверяем наличие доступа
+ // Владельцы и админы могут редактировать
if (!$this->is_own_profile && !$this->cms_user->is_admin) {
- cmsCore::error404();
+ return cmsCore::error404();
+ }
+
+ // Администраторы тут могут редактировать только свои профили
+ if ($this->cms_user->is_admin && !$this->is_own_profile && $profile['is_admin']) {
+ return cmsCore::error404();
}
$form = $this->getForm('password', [$profile]);
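Review bot: The admin-on-admin guard added to run() is copied verbatim into profile_edit_sessions.php and written again in positive form in getProfileEditMenu() in frontend.php, so the three copies can drift apart when one is edited. A single helper on the users controller that answers "may the current user edit this profile's security settings", called from both actions and the menu, would keep them in step. The diff touches only the password and sessions actions; if other profile edit actions (not visible here) let an admin change another admin's e-mail or other recovery data, they would need the same guard, so that is worth confirming. Because the first check already returns for non-owners who are not admins, the second condition can be shortened to `if (!$this->is_own_profile && $profile['is_admin'])`. run() continues past the end of this hunk.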
@@ -153,7 +158,7 @@ public function run($profile) {
$result = $this->model->updateUser($profile['id'], $profile);
if ($result['success']) {
-
+
list($profile, $data, $form) = cmsEventsManager::hook('users_after_edit_password', [$profile, $data, $form]);
if (!empty($data['password1'])) {
diff --git a/system/controllers/users/actions/profile_edit_sessions.php b/system/controllers/users/actions/profile_edit_sessions.php
index 64de9d7d1..d21cd8ff3 100755
--- a/system/controllers/users/actions/profile_edit_sessions.php
+++ b/system/controllers/users/actions/profile_edit_sessions.php
@@ -11,6 +11,10 @@ public function run($profile) {
return cmsCore::error404();
}
+ if ($this->cms_user->is_admin && !$this->is_own_profile && $profile['is_admin']) {
+ return cmsCore::error404();
+ }
+
return $this->cms_template->render('profile_edit_sessions', [
'id' => $profile['id'],
'profile' => $profile,
diff --git a/system/controllers/users/frontend.php b/system/controllers/users/frontend.php
index 885379d6b..2fdc80569 100755
--- a/system/controllers/users/frontend.php
+++ b/system/controllers/users/frontend.php
@@ -235,15 +235,18 @@ public function getProfileEditMenu($profile) {
];
}
- $menu[] = [
- 'title' => LANG_SECURITY,
- 'url' => href_to_profile($profile, ['edit', 'password'])
- ];
+ if ($this->is_own_profile || (!$profile['is_admin'] && $this->cms_user->is_admin)) {
- $menu[] = [
- 'title' => LANG_USERS_SESSIONS,
- 'url' => href_to_profile($profile, ['edit', 'sessions'])
- ];
+ $menu[] = [
+ 'title' => LANG_SECURITY,
+ 'url' => href_to_profile($profile, ['edit', 'password'])
+ ];
+
+ $menu[] = [
+ 'title' => LANG_USERS_SESSIONS,
+ 'url' => href_to_profile($profile, ['edit', 'sessions'])
+ ];
+ }
list($menu, $profile) = cmsEventsManager::hook('profile_edit_menu', [$menu, $profile]);
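Review bot: The new `if` around the two menu entries only hides the links; the actual enforcement is in the guards of the password and sessions actions, and nothing at this spot says so. A comment above the condition would make that explicit, for example `// Security/sessions links: own profile, or an admin viewing a non-admin profile; access itself is enforced in the actions`. The `profile_edit_menu` hook on the following line still receives the menu afterwards, so any listener that adds its own security-related links would need the same condition; whether such listeners exist is not visible here. getProfileEditMenu() starts and ends outside the hunk.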