diff options
author | plegall <plg@piwigo.org> | 2014-07-25 09:10:49 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-07-25 09:10:49 +0000 |
commit | bf58209d7dd6cc0f53c2c4b34115dfec9574cfb8 (patch) | |
tree | 4b66991e0ff85300f21e565ea27e80f8d183e9f6 /admin/user_list.php | |
parent | 30fa11fb9aca3988ca9339dc54902a10eb1254ec (diff) |
bug 3104: less rights for admins (compared to webmaster). Now an admin can't:
* delete a webmaster
* give webmaster/admin status to any user
* change status of a webmaster/admin
git-svn-id: http://piwigo.org/svn/trunk@29074 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/user_list.php | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/admin/user_list.php b/admin/user_list.php index cda20a002..d9f85b6bd 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -99,6 +99,18 @@ $protected_users = array( $conf['webmaster_id'], ); +// an admin can't delete other admin/webmaster +if ('admin' == $user['status']) +{ + $query = ' +SELECT + user_id + FROM '.USER_INFOS_TABLE.' + WHERE status IN (\'webmaster\', \'admin\') +;'; + $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); +} + $template->assign( array( 'PWG_TOKEN' => get_pwg_token(), @@ -117,12 +129,19 @@ $template->assign( // Status options foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { - // Only status <= can be assign - if (is_autorize_status(get_access_type_status($status))) - { - $pref_status_options[$status] = l10n('user_status_'.$status); - } + $label_of_status[$status] = l10n('user_status_'.$status); } + +$pref_status_options = $label_of_status; + +// a simple "admin" can set/remove statuses webmaster/admin +if ('admin' == $user['status']) +{ + unset($pref_status_options['webmaster']); + unset($pref_status_options['admin']); +} + +$template->assign('label_of_status', $label_of_status); $template->assign('pref_status_options', $pref_status_options); $template->assign('pref_status_selected', 'normal'); |