Added exception for when a non-admin user tries assign API keys to an admin

Claudio Sanches 2018-10-17 20:01:36 -03:00 committed by claudiulodro
parent 8618d9a976
commit a1875a135e
1 changed files with 7 additions and 0 deletions


@ -1759,6 +1759,13 @@ class WC_AJAX {
$permissions = ( in_array( $_POST['permissions'], array( 'read', 'write', 'read_write' ) ) ) ? sanitize_text_field( $_POST['permissions'] ) : 'read';
$user_id = absint( $_POST['user'] );
// Check if current user can edit other users.
if ( $user_id && ! current_user_can( 'edit_user', $user_id ) ) {
if ( get_current_user_id() !== $user_id ) {
throw new Exception( __( 'You do not have permission to assign API Keys to the selected user.', 'woocommerce' ) );
}
}
if ( 0 < $key_id ) {
$data = array(
'user_id' => $user_id,
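Review bot: The added permission check is skipped whenever `absint( $_POST['user'] )` yields 0, because its condition starts with `$user_id &&`; a non-numeric value would then reach the `$data` array as `'user_id' => 0` unless code before this hunk already rejects it. Failing closed would be safer, and it also removes the nested `if`: `if ( ! $user_id || ( get_current_user_id() !== $user_id && ! current_user_can( 'edit_user', $user_id ) ) ) {` followed by the existing `throw`. On the update path (`0 < $key_id`) the check covers only the user named in the request, not the current owner of the key being edited, so it is worth confirming that ownership of the existing key is verified elsewhere. The enclosing method begins and ends outside the hunk.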