From 1ef31d27c7b37b933f7fd0f7977d23ee186204d5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 18 Apr 2018 17:26:05 -0700 Subject: relax restrictions to the design tools menu to allow those with write_pages permission; this doesn't fix the underlying modules though as there are some potential security issues at the moment. --- Zotlabs/Widget/Design_tools.php | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Widget/Design_tools.php b/Zotlabs/Widget/Design_tools.php index 8ab6a235d..a15c0c98d 100644 --- a/Zotlabs/Widget/Design_tools.php +++ b/Zotlabs/Widget/Design_tools.php @@ -6,16 +6,9 @@ class Design_tools { function widget($arr) { - // mod menu doesn't load a profile. For any modules which load a profile, check it. - // otherwise local_channel() is sufficient for permissions. + if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin())) + return design_tools(); - if(\App::$profile['profile_uid']) - if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys)) - return ''; - - if(! local_channel()) - return ''; - - return design_tools(); + return EMPTY_STR; } } \ No newline at end of file -- cgit v1.2.3