From 43e1c486f1dfbf2397246ab3353fca0bd251fdbd Mon Sep 17 00:00:00 2001
From: Antoine D <106921102+Suboyyy@users.noreply.github.com>
Date: Fri, 11 Oct 2024 19:34:34 +0200
Subject: [PATCH] security: disable possibility for non-admin users from
 editing  fields except "place" in user modal (#404)

---
 src/components/dashboard/UserModal.tsx | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/src/components/dashboard/UserModal.tsx b/src/components/dashboard/UserModal.tsx
index c53af6b9..22de6503 100644
--- a/src/components/dashboard/UserModal.tsx
+++ b/src/components/dashboard/UserModal.tsx
@@ -275,26 +275,20 @@ const UserModal = ({
       containerClassName={styles.userModal}>
       <>
         <Input label="ID" value={searchUser?.id ?? ''} readOnly />
-        <Input label="Nom" value={lastname} onChange={setLastname} disabled={!isAdmin && !isAnim} />
-        <Input label="Prénom" value={firstname} onChange={setFirstname} disabled={!isAdmin && !isAnim} />
+        <Input label="Nom" value={lastname} onChange={setLastname} disabled={!isAdmin} />
+        <Input label="Prénom" value={firstname} onChange={setFirstname} disabled={!isAdmin} />
         {(!searchUser || searchUser.type !== UserType.attendant) && (
           <>
-            <Input label="Pseudo" value={username} onChange={setUsername} disabled={!isAdmin && !isAnim} />
-            <Input label="Email" value={email} onChange={setEmail} disabled={!isAdmin && !isAnim} />
+            <Input label="Pseudo" value={username} onChange={setUsername} disabled={!isAdmin} />
+            <Input label="Email" value={email} onChange={setEmail} disabled={!isAdmin} />
             {!searchUser && (
-              <Input
-                label="Mot de passe"
-                type="password"
-                value={password}
-                onChange={setPassword}
-                disabled={!isAdmin && !isAnim}
-              />
+              <Input label="Mot de passe" type="password" value={password} onChange={setPassword} disabled={!isAdmin} />
             )}
             <Textarea
               label="Infos complémentaires"
               value={customMessage ?? ''}
               onChange={setCustomMessage}
-              disabled={!isAdmin && !isAnim}
+              disabled={!isAdmin}
             />
             {searchUser && (
               <>
@@ -426,7 +420,7 @@ const UserModal = ({
               options={typeOptions}
               value={type?.toString()}
               onChange={(v) => setType(v as unknown as UserType)}
-              disabled={searchUser.hasPaid}></Radio>
+              disabled={searchUser.hasPaid || !isAdmin}></Radio>
             <Radio
               label="Âge"
               name="age"
@@ -435,13 +429,14 @@ const UserModal = ({
               value={age?.toString()}
               onChange={(v) => setAge(v as unknown as UserAge)}
               disabled={
+                !isAdmin ||
                 searchUser.type === UserType.attendant ||
                 (searchUser.hasPaid && searchUser.age === UserAge.child && searchUser.attendant !== null)
               }></Radio>
             {searchUser.type !== UserType.attendant && (
               <>
                 <Input label="Place" value={place} onChange={setPlace} />
-                <Input label="Discord Id" value={discordId} onChange={setDiscordId}></Input>
+                <Input label="Discord Id" value={discordId} onChange={setDiscordId} disabled={!isAdmin}></Input>
               </>
             )}
           </>