BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805) (from r96718)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102341 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-12 01:47:48 +00:00
parent 19911cd241
commit 920f0aaa1a

View File

@ -534,6 +534,9 @@ class Permission extends DataObject {
);
}
// Don't let people hijack ADMIN rights
if(!Permission::check("ADMIN")) unset($allCodes['ADMIN']);
ksort($allCodes);
foreach($allCodes as $category => $permissions) {