Merge branch 'maint'

author: Lukas Fleischer <archlinux@cryptocrack.de> 2013-01-30 09:25:42 +0100
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2013-01-30 09:25:42 +0100
commit: 8b791dee91bef312a0c3d06a8b77a5363720a88e (patch)
tree: 26e62794e2348067c510e8b58dd497aaffe454ff /web/html/account.php
parent: 49e61845085aff6076a3dde056d08a278f447e6d (diff)
parent: 65e93f134faf9c98574a99f7f40d9f0bdb4256eb (diff)
download: aurweb-8b791dee91bef312a0c3d06a8b77a5363720a88e.tar.xz
1 files changed, 2 insertions, 5 deletions
diff --git a/web/html/account.php b/web/html/account.php
index cccdd76..2133734 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -48,11 +48,8 @@ if (isset($_COOKIE["AURSID"])) {
 		if (empty($row)) {
 			print __("Could not retrieve information for the specified user.");
 		} else {
-			# double check to make sure logged in user can edit this account
-			#
-			if ($atype == "Developer" || ($atype == "Trusted User" &&
-				$row["AccountType"] != "Developer") ||
-				($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
+			/* Verify user has permission to edit the account */
+			if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) {
 				display_account_form($atype, "UpdateAccount", $row["Username"],
 					$row["AccountType"], $row["Suspended"], $row["Email"],
 					"", "", $row["RealName"], $row["LangPreference"],
author	Lukas Fleischer <archlinux@cryptocrack.de>	2013-01-30 09:25:42 +0100
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2013-01-30 09:25:42 +0100
commit	8b791dee91bef312a0c3d06a8b77a5363720a88e (patch)
tree	26e62794e2348067c510e8b58dd497aaffe454ff /web/html/account.php
parent	49e61845085aff6076a3dde056d08a278f447e6d (diff)
parent	65e93f134faf9c98574a99f7f40d9f0bdb4256eb (diff)
download	aurweb-8b791dee91bef312a0c3d06a8b77a5363720a88e.tar.xz