diff --git a/src/controllers/accounts/edit.js b/src/controllers/accounts/edit.js
index a6b2f7ad55..497564d88a 100644
--- a/src/controllers/accounts/edit.js
+++ b/src/controllers/accounts/edit.js
@@ -19,6 +19,7 @@ editController.get = function(req, res, callback) {
 return callback(err);
 }
+ userData['username:disableEdit'] = !userData.isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1;
 userData.title = '[[pages:account/edit, ' + userData.username + ']]';
 userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]);
diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index a245c6e29d..5a365d6ff2 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -117,12 +117,17 @@ module.exports = function(SocketUser) {
 return next(new Error('[[error:invalid-data]]'));
 }
- if (parseInt(meta.config['username:disableEdit'], 10) === 1) {
+ user.isAdministrator(socket.uid, next);
+ },
+ function(isAdmin, next) {
+ if (!isAdmin && socket.uid !== parseInt(data.uid, 10)) {
+ return next(new Error('[[error:no-privileges]]'));
+ }
+
+ if (!isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1) {
 data.username = oldUserData.username;
 }
- user.isAdminOrSelf(socket.uid, data.uid, next);
- },
- function (next) {
+
 user.updateProfile(data.uid, data, next);
 },
 function (userData, next) {
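Review bot: The new `userData['username:disableEdit']` flag in editController.get is derived from `userData.isAdmin`, and nothing in the hunk shows whether that field describes the requesting user or the owner of the profile being edited. The server-side check added in src/socket.io/user/profile.js is keyed on the caller (`user.isAdministrator(socket.uid, next)`), so if `userData.isAdmin` refers to the profile owner the form and the handler would disagree about who may rename. I would confirm the field's meaning and add a comment above the assignment, for example `// UI hint only: the rename restriction is enforced in the socket handler, based on the caller's admin status`. The body of editController.get continues outside the hunk.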
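Review bot: The ownership check in the new `function(isAdmin, next)` step compares `socket.uid` with `parseInt(data.uid, 10)`, but the unparsed `data.uid` is what reaches `user.updateProfile(data.uid, data, next)`, so the value that is authorised and the value that is used can differ (parseInt accepts any string with a numeric prefix). Normalise once and reuse it: put `data.uid = parseInt(data.uid, 10);` ahead of the comparison and test `socket.uid !== data.uid`. The strict `!==` also assumes `socket.uid` is already a number; if it can arrive as a string, every non-admin self-edit would be rejected, which fails closed but is worth confirming. The surrounding function array begins and ends outside the hunk.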