From 93841813b0f2c13346524c34b42d6226a7541c85 Mon Sep 17 00:00:00 2001
From: julien <julien.richarte@gmail.com>
Date: Tue, 8 Jul 2014 18:56:47 +0200
Subject: [PATCH] [Upg] fix permissions in profile view

---
 docs/changelogs.md                 | 17 ++++++++++++++++-
 src/controllers/UserController.php | 14 +++++++++-----
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/docs/changelogs.md b/docs/changelogs.md
index 3abd4e1..1178d7e 100644
--- a/docs/changelogs.md
+++ b/docs/changelogs.md
@@ -1,5 +1,20 @@
 #Versions
 
+##1.2.8
+
+* Bootstrap 3.2 upgrade
+* Fix favicon
+* jQuery 2.1.1
+* Fix item lists views not in config
+
+##1.1.23
+
+* Bootstrap 3.2 upgrade
+* Fix favicon
+* jQuery 2.1.1
+* Bulgarian support
+* Fix item lists views not in config
+
 ##1.2.7
 
 * Laravel 4.2 support
@@ -202,4 +217,4 @@ Same as 1.1.17
 
 ##1.0
 
-* First release
\ No newline at end of file
+* First release
diff --git a/src/controllers/UserController.php b/src/controllers/UserController.php
index 17a4108..133d853 100644
--- a/src/controllers/UserController.php
+++ b/src/controllers/UserController.php
@@ -336,11 +336,15 @@ public function putShow($userId)
             $user->first_name = Input::get('first_name');
             $user->permissions = $permissions;
 
+            $currentUser = Sentry::getUser();
             $permissions = (empty($permissions)) ? '' : json_encode($permissions);
-            // delete permissions in db
-            DB::table('users')
-                ->where('id', $userId)
-                ->update(array('permissions' => $permissions));
+            $hasPermissionManagement = $currentUser->hasAccess('permissions-management') || $currentUser->hasAccess('superuser');
+            if($hasPermissionManagement === true)
+            {
+                DB::table('users')
+                    ->where('id', $userId)
+                    ->update(array('permissions' => $permissions));
+            }
 
             $pass = Input::get('pass');
             if(!empty($pass))
@@ -358,7 +362,7 @@ public function putShow($userId)
                     $this->_banUser($userId, $banned);
                 }
 
-                if(Sentry::getUser()->hasAccess('user-group-management'))
+                if($currentUser->hasAccess('user-group-management'))
                 {
                     $groups = (Input::get('groups') === null) ? array() : Input::get('groups');
                     $userGroups = $user->getGroups()->toArray();