Do not allow regular users to edit all accounts

Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2014-07-25 11:24:53 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2014-07-25 11:30:33 +0200
commit: 34aa226c6608f511694b6d5d44fbddb30e4c945a (patch)
tree: da493523a8b931ab73e4db5a69627ff0fa635e09 /web
parent: 7df8dc8bcb0989a8543d699a7c667809170a69b3 (diff)
download: aurweb-34aa226c6608f511694b6d5d44fbddb30e4c945a.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 943e80b..6232f83 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
 		return has_credential(CRED_ACCOUNT_EDIT_DEV);
 	}
 
-	$uid = uid_from_sid($_COOKIE['AURSID']);
+	$uid = $acctinfo['ID'];
 	return has_credential(CRED_ACCOUNT_EDIT, array($uid));
 }
author	Lukas Fleischer <archlinux@cryptocrack.de>	2014-07-25 11:24:53 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2014-07-25 11:30:33 +0200
commit	34aa226c6608f511694b6d5d44fbddb30e4c945a (patch)
tree	da493523a8b931ab73e4db5a69627ff0fa635e09 /web
parent	7df8dc8bcb0989a8543d699a7c667809170a69b3 (diff)
download	aurweb-34aa226c6608f511694b6d5d44fbddb30e4c945a.tar.xz