Commit d5b5e6d8 authored by Curtis Adam's avatar Curtis Adam

Don't allow normal users to modify the Login-Kennung field

parent d67f19f4
......@@ -162,7 +162,7 @@ Meteor.methods({
updateUsersVisibility: function (visible) {
check(visible, Boolean);
Meteor.users.update(Meteor.user()._id, {
Meteor.users.update(Meteor.userId(), {
$set: {
visible: visible
}
......@@ -171,7 +171,8 @@ Meteor.methods({
updateUsersEmail: function (email) {
check(email, String);
Meteor.users.update(Meteor.user()._id, {
Meteor.users.update(Meteor.userId(), {
$set: {
email: email
}
......@@ -181,16 +182,21 @@ Meteor.methods({
check(name, String);
check(id, String);
Meteor.users.update(id, {
$set: {
"profile.name": name
}
});
if (UserPermissions.isAdmin()) {
Meteor.users.update(id, {
$set: {
"profile.name": name
}
});
}
},
updateUsersTitle: function (title, id) {
check(title, String);
check(id, String);
if (!UserPermissions.isAdmin()) {
id = Meteor.userId();
}
Meteor.users.update(id, {
$set: {
"profile.title": title
......@@ -201,6 +207,9 @@ Meteor.methods({
check(birthname, String);
check(id, String);
if (!UserPermissions.isAdmin()) {
id = Meteor.userId();
}
Meteor.users.update(id, {
$set: {
"profile.birthname": birthname
......@@ -211,6 +220,9 @@ Meteor.methods({
check(givenname, String);
check(id, String);
if (!UserPermissions.isAdmin()) {
id = Meteor.userId();
}
Meteor.users.update(id, {
$set: {
"profile.givenname": givenname
......@@ -222,6 +234,9 @@ Meteor.methods({
check(web, Boolean);
check(id, String);
if (!UserPermissions.isAdmin()) {
id = Meteor.userId();
}
Meteor.users.update(id, {
$set: {
mailNotification: mail,
......@@ -233,6 +248,9 @@ Meteor.methods({
check(completed, Boolean);
check(id, String);
if (!UserPermissions.isAdmin()) {
id = Meteor.userId();
}
Meteor.users.update(id, {
$set: {
"profile.completed": completed
......
......@@ -48,14 +48,6 @@
<span id="errorEmailValidation" class="help-block name"></span>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label">{{_ "panel-body.name"}}</label>
<div class="col-md-8">
<input type="text" class="form-control" id="inputName"
placeholder="{{_ "panel-body.name-desc"}}" value="{{getUser.profile.name}}">
<span id="errorName" class="help-block name"></span>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label">{{_ "panel-body.title"}}</label>
<div class="col-md-8">
......
......@@ -117,18 +117,6 @@ Template.profileSettings.events({
$('#errorEmailValidation').html(TAPi18n.__('panel-body.emailValidationError'));
}
},
"keyup #inputName": function () {
Session.set("profileSettingsCancel", false);
//E-Mail wasn't changed
if ($('#inputEmailValidation').val() === '' && $('#inputEmail').val() === Meteor.users.findOne(Meteor.userId()).email) {
$('#inputEmailValidationForm').addClass("hidden");
Session.set("profileSettingsSave", false);
} else if ($('#inputEmail').val() === $('#inputEmailValidation').val()) {//E-Mail was changed and is right
Session.set("profileSettingsSave", false);
} else {//E-Mail was changed and is wrong
Session.set("profileSettingsSave", true);
}
},
"keyup #inputBirthName": function () {
Session.set("profileSettingsCancel", false);
//E-Mail wasn't changed
......@@ -239,47 +227,23 @@ Template.profileSettings.events({
}
// Name validation
var name = $('#inputName').val();
var user_id = Meteor.userId();
Meteor.call("checkUsersName", name, user_id, function (error, result) {
if (error) {
$('#inputName').parent().parent().addClass('has-error');
$('#errorName').html(TAPi18n.__('panel-body.nameAlreadyExists'));
} else {
var validName = false;
if (result.length < 5) {
$('#inputName').parent().parent().addClass('has-error');
$('#errorName').html(TAPi18n.__('panel-body.nameToShort'));
} else if (result.length > 25) {
$('#inputName').parent().parent().addClass('has-error');
$('#errorName').html(TAPi18n.__('panel-body.nameToLong'));
} else {
$('#inputName').parent().parent().removeClass('has-error');
$('#inputName').parent().parent().addClass('has-success');
$('#errorName').html('');
name = result;
validName = true;
}
if (validEmail && validName && validBirthName && validGivenName) {
let mailNotification = document.getElementById('mailNotificationCheckbox').checked;
let webNotification = document.getElementById('webNotificationCheckbox').checked;
$('#inputEmailValidation').val('');
$('#inputEmailValidationForm').addClass("hidden");
Session.set("profileSettingsSave", true);
Session.set("profileSettingsCancel", true);
Meteor.call("updateUsersEmail", email);
Meteor.call("updateUsersBirthName", birthname, user_id);
Meteor.call("updateUsersGivenName", givenname, user_id);
Meteor.call("updateUsersProfileState", true, user_id);
Meteor.call("updateUsersName", result, user_id);
Meteor.call("updateUsersNotification", mailNotification, webNotification, user_id);
BertAlertVisuals.displayBertAlert(TAPi18n.__('profile.saved'), 'success', 'growl-top-left');
} else {
BertAlertVisuals.displayBertAlert(TAPi18n.__('profile.error'), 'warning', 'growl-top-left');
}
}
});
let user_id = Meteor.userId();
if (validEmail && validBirthName && validGivenName) {
let mailNotification = document.getElementById('mailNotificationCheckbox').checked;
let webNotification = document.getElementById('webNotificationCheckbox').checked;
$('#inputEmailValidation').val('');
$('#inputEmailValidationForm').addClass("hidden");
Session.set("profileSettingsSave", true);
Session.set("profileSettingsCancel", true);
Meteor.call("updateUsersEmail", email);
Meteor.call("updateUsersBirthName", birthname, user_id);
Meteor.call("updateUsersGivenName", givenname, user_id);
Meteor.call("updateUsersProfileState", true, user_id);
Meteor.call("updateUsersNotification", mailNotification, webNotification, user_id);
BertAlertVisuals.displayBertAlert(TAPi18n.__('profile.saved'), 'success', 'growl-top-left');
} else {
BertAlertVisuals.displayBertAlert(TAPi18n.__('profile.error'), 'warning', 'growl-top-left');
}
},
"change #mailNotificationCheckbox, change #webNotificationCheckbox": function () {
Session.set("profileSettingsSave", false);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment