From 4ec1ebade400725266d65dcdd368b4cee238284e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 29 May 2018 19:11:28 +0200
Subject: [PATCH] Feed attributes only for admin (#1905)

* Feed attributes only for admin

https://github.com/FreshRSS/FreshRSS/pull/1838

* Changelog 1905

https://github.com/FreshRSS/FreshRSS/pull/1905
---
 CHANGELOG.md                               |  5 +++--
 app/Controllers/subscriptionController.php | 11 ++++++++---
 app/views/helpers/feed/update.phtml        |  2 ++
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88cdce03e..759f5eaaf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,8 +10,9 @@
 	* Several per-feed options (implemented in JSON) [#1838](https://github.com/FreshRSS/FreshRSS/pull/1838)
 		* Mark updated articles as read [#891](https://github.com/FreshRSS/FreshRSS/issues/891)
 		* Mark as read upon reception [#1702](https://github.com/FreshRSS/FreshRSS/issues/1702)
-		* Feed cURL timeout
-		* Ignore SSL (unsafe) [#1811](https://github.com/FreshRSS/FreshRSS/issues/1811)
+		* Only for admin user [#1905](https://github.com/FreshRSS/FreshRSS/pull/1905)
+			* Feed cURL timeout
+			* Ignore SSL (unsafe) [#1811](https://github.com/FreshRSS/FreshRSS/issues/1811)
 	* Light Boolean search implementation [#879](https://github.com/FreshRSS/FreshRSS/issues/879)
 		* All parts are implicitly `AND` (which must not be written), except if `OR` is stated.
 		* No use of parentheses. Support for quotes to disable the Boolean search, like `"This or that"`.
diff --git a/app/Controllers/subscriptionController.php b/app/Controllers/subscriptionController.php
index 860cd912f..701a588e0 100644
--- a/app/Controllers/subscriptionController.php
+++ b/app/Controllers/subscriptionController.php
@@ -98,10 +98,15 @@ class FreshRSS_subscription_Controller extends Minz_ActionController {
 
 			$feed->_attributes('mark_updated_article_unread', Minz_Request::paramTernary('mark_updated_article_unread'));
 			$feed->_attributes('read_upon_reception', Minz_Request::paramTernary('read_upon_reception'));
-			$feed->_attributes('ssl_verify', Minz_Request::paramTernary('ssl_verify'));
 
-			$timeout = intval(Minz_Request::param('timeout', 0));
-			$feed->_attributes('timeout', $timeout > 0 ? $timeout : null);
+			if (FreshRSS_Auth::hasAccess('admin')) {
+				$feed->_attributes('ssl_verify', Minz_Request::paramTernary('ssl_verify'));
+				$timeout = intval(Minz_Request::param('timeout', 0));
+				$feed->_attributes('timeout', $timeout > 0 ? $timeout : null);
+			} else {
+				$feed->_attributes('ssl_verify', null);
+				$feed->_attributes('timeout', null);
+			}
 
 			$values = array(
 				'name' => Minz_Request::param('name', ''),
diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml
index 88a38ea58..7144aab46 100644
--- a/app/views/helpers/feed/update.phtml
+++ b/app/views/helpers/feed/update.phtml
@@ -205,6 +205,7 @@
 			</div>
 		</div>
 
+		<?php if (FreshRSS_Auth::hasAccess('admin')) { ?>
 		<div class="form-group">
 			<label class="group-name" for="timeout"><?php echo _t('sub.feed.timeout'); ?></label>
 			<div class="group-controls">
@@ -224,6 +225,7 @@
 				</label>
 			</div>
 		</div>
+		<?php } ?>
 
 		<div class="form-group form-actions">
 			<div class="group-controls">