Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BUGFIX Don't suggest members in SecurityAdmin->autocomplete() that th…

…e current user doesn't have rights to edit (fixes #5651) (from r110858)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@112796 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
commit ad5a8e0fcef9f1d976035092efe8b927eaa4e816 1 parent 949d8b3
@sminnee sminnee authored
Showing with 3 additions and 1 deletion.
  1. +3 −1 code/SecurityAdmin.php
View
4 code/SecurityAdmin.php
@@ -259,7 +259,9 @@ public function autocomplete() {
if($matches) {
$result .= "<ul>";
foreach($matches as $match) {
- if(!$match->canView()) continue;
+ // If the current user doesnt have permissions on the target user,
+ // he's not allowed to add it to a group either: Don't include it in the suggestions.
+ if(!$match->canView() || !$match->canEdit()) continue;
$data = $match->FirstName;
$data .= ",$match->Surname";
Please sign in to comment.
Something went wrong with that request. Please try again.