From b668befbb27a183f71b55714e6b7764e494721d5 Mon Sep 17 00:00:00 2001
From: Tuan Pham Ngoc <github@joomdonation.com>
Date: Tue, 17 Aug 2021 23:24:43 +0700
Subject: [PATCH] Secure created_by like other core components

---
 .../components/com_weblinks/src/Model/WeblinkModel.php      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/administrator/components/com_weblinks/src/Model/WeblinkModel.php b/src/administrator/components/com_weblinks/src/Model/WeblinkModel.php
index e671cf4..17c72c2 100644
--- a/src/administrator/components/com_weblinks/src/Model/WeblinkModel.php
+++ b/src/administrator/components/com_weblinks/src/Model/WeblinkModel.php
@@ -142,6 +142,12 @@ class WeblinkModel extends AdminModel
 			$form->setFieldAttribute('publish_down', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!Factory::getApplication()->getIdentity()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}