This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse the repository at this point in the history
Deny access to user edit action for low-priv users
Previously you could open the user edit page but not successfully make changes if you didn't have permission to edit that user. Now you won't be able to view that page at all. The edit page shows that user's settings and the "identity" half of their API keys, which shouldn't be accessible. (cherry picked from commit 4193c1b)
- Loading branch information
Showing 1 changed file with 5 additions and 0 deletions.