From c70b2f70b0203c6db5253856bc1fd0045a647708 Mon Sep 17 00:00:00 2001
From: Tuan Pham Ngoc <github@joomdonation.com>
Date: Fri, 27 Aug 2021 10:38:45 +0700
Subject: [PATCH] Prevent changing created_by if the current user is not
 allowed to access to com_users

---
 .../components/com_weblinks/models/weblink.php              | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/administrator/components/com_weblinks/models/weblink.php b/src/administrator/components/com_weblinks/models/weblink.php
index cb238fb..2830045 100644
--- a/src/administrator/components/com_weblinks/models/weblink.php
+++ b/src/administrator/components/com_weblinks/models/weblink.php
@@ -155,6 +155,12 @@ class WeblinksModelWeblink extends JModelAdmin
 			$form->setFieldAttribute('publish_down', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!JFactory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}