aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2014-07-25 09:10:49 +0000
committerplegall <plg@piwigo.org>2014-07-25 09:10:49 +0000
commitbf58209d7dd6cc0f53c2c4b34115dfec9574cfb8 (patch)
tree4b66991e0ff85300f21e565ea27e80f8d183e9f6 /admin
parent30fa11fb9aca3988ca9339dc54902a10eb1254ec (diff)
bug 3104: less rights for admins (compared to webmaster). Now an admin can't:
* delete a webmaster * give webmaster/admin status to any user * change status of a webmaster/admin git-svn-id: http://piwigo.org/svn/trunk@29074 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/themes/default/template/user_list.tpl12
-rw-r--r--admin/user_list.php29
2 files changed, 31 insertions, 10 deletions
diff --git a/admin/themes/default/template/user_list.tpl b/admin/themes/default/template/user_list.tpl
index 2c41cc1a4..66de20e31 100644
--- a/admin/themes/default/template/user_list.tpl
+++ b/admin/themes/default/template/user_list.tpl
@@ -34,6 +34,12 @@ var truefalse = {
'true':"{'Yes'|translate}",
'false':"{'No'|translate}",
};
+
+var statusLabels = {
+{foreach from=$label_of_status key=status item=label}
+ '{$status}' : '{$label|escape:javascript}',
+{/foreach}
+};
{/footer_script}
{footer_script}{literal}
@@ -260,11 +266,7 @@ jQuery(document).ready(function() {
user.email = user.email || '';
- jQuery("#action select[name=status] option").each(function() {
- if (user.status == jQuery(this).val()) {
- user.statusLabel = jQuery(this).html();
- }
- });
+ user.statusLabel = statusLabels[user.status];
/* Render the underscore template */
_.templateSettings.variable = "user";
diff --git a/admin/user_list.php b/admin/user_list.php
index cda20a002..d9f85b6bd 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -99,6 +99,18 @@ $protected_users = array(
$conf['webmaster_id'],
);
+// an admin can't delete other admin/webmaster
+if ('admin' == $user['status'])
+{
+ $query = '
+SELECT
+ user_id
+ FROM '.USER_INFOS_TABLE.'
+ WHERE status IN (\'webmaster\', \'admin\')
+;';
+ $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
+}
+
$template->assign(
array(
'PWG_TOKEN' => get_pwg_token(),
@@ -117,12 +129,19 @@ $template->assign(
// Status options
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
- // Only status <= can be assign
- if (is_autorize_status(get_access_type_status($status)))
- {
- $pref_status_options[$status] = l10n('user_status_'.$status);
- }
+ $label_of_status[$status] = l10n('user_status_'.$status);
}
+
+$pref_status_options = $label_of_status;
+
+// a simple "admin" can set/remove statuses webmaster/admin
+if ('admin' == $user['status'])
+{
+ unset($pref_status_options['webmaster']);
+ unset($pref_status_options['admin']);
+}
+
+$template->assign('label_of_status', $label_of_status);
$template->assign('pref_status_options', $pref_status_options);
$template->assign('pref_status_selected', 'normal');