-rw-r--r--actions/editgroup.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/actions/editgroup.php b/actions/editgroup.php
index e0d4c0d03..82b78cc5c 100644
--- a/actions/editgroup.php
+++ b/actions/editgroup.php
@@ -72,9 +72,7 @@ class EditgroupAction extends Action
return false;
}
- return true;
-
- $nickname_arg = $this->arg('nickname');
+ $nickname_arg = $this->trimmed('nickname');
$nickname = common_canonical_nickname($nickname_arg);
// Permanent redirect on non-canonical nickname
@@ -97,6 +95,13 @@ class EditgroupAction extends Action
return false;
}
+ $cur = common_current_user();
+
+ if (!$cur->isAdmin($group)) {
+ $this->clientError(_('You must be an admin to edit the group'), 403);
+ return false;
+ }
+
return true;
}
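Review bot: The new admin check calls `$cur->isAdmin($group)` on the result of `common_current_user()` without first confirming that a user is signed in. The enclosing method starts outside this hunk, so an earlier guard may already reject anonymous requests; if it does not, an unauthenticated request would fail on a null object instead of getting the intended 403. Folding the null case into the condition keeps the authorization decision explicit and fail-closed: `if (empty($cur) || !$cur->isAdmin($group)) {`. A short comment above the check, for example `// Only group admins may edit; reject everyone else before any form handling`, would record why it lives here.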