From 2c866186b08049a9ee8bc6fd0631ac1b0922d56d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <jan.h.boehmer@gmx.de>
Date: Wed, 11 Sep 2019 17:00:03 +0200
Subject: [PATCH] Check permission when changing permissions for users.

---
 config/permissions.yaml    | 4 ++--
 src/Form/UserAdminForm.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/permissions.yaml b/config/permissions.yaml
index 5dad5f3b..47ba61e2 100644
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@@ -239,7 +239,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
         bit: 4
       delete:
         label: "perm.delete"
-        alsoSet: ['read', 'edit']
+        alsoSet: ['read', 'edit_username', 'edit_infos']
         bit: 8
       edit_username:
         label: "perm.users.edit_user_name"
@@ -259,7 +259,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
         bit: 12
       set_password:
         label: "perm.users.set_password"
-        alsoSet: 'set_read'
+        alsoSet: 'read'
         bit: 14
       change_user_settings:
         label: "perm.users.change_user_settings"
diff --git a/src/Form/UserAdminForm.php b/src/Form/UserAdminForm.php
index b0a91fea..524dfb39 100644
--- a/src/Form/UserAdminForm.php
+++ b/src/Form/UserAdminForm.php
@@ -116,7 +116,7 @@ class UserAdminForm extends AbstractType
             ->add('permissions', PermissionsType::class, [
                 'mapped' => false,
                 'data' => $builder->getData(),
-                //'user' => $builder->getData(),
+                'disabled' => !$this->security->isGranted('edit_permissions', $entity)
             ])
         ;
         /*->add('comment', CKEditorType::class, ['required' => false,