From: Alexander Ebert <ebert@woltlab.com>
Date: Wed, 5 Jun 2024 10:32:49 +0000 (+0200)
Subject: Disallow regular users from updating domain settings in enterprise mode
X-Git-Tag: 6.0.15_dev_1~11
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=235cc9339e15ac399bfa9557da0eeef587c7743e;p=GitHub%2FWoltLab%2FWCF.git

Disallow regular users from updating domain settings in enterprise mode
---

diff --git a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
index ccceaa6206..5886b9efcc 100644
--- a/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/RescueModeForm.class.php
@@ -192,6 +192,10 @@ final class RescueModeForm extends AbstractForm
         if (!WCF::getSession()->getPermission('admin.configuration.canManageApplication')) {
             throw new UserInputException('username', 'notAuthorized');
         }
+
+        if (ENABLE_ENTERPRISE_MODE && !WCF::getUser()->hasOwnerAccess()) {
+            throw new UserInputException('username', 'notAuthorized');
+        }
     }
 
     private function validateDomainName(): void