bug 3104: less rights for admins (compared to webmaster). Now an admin can't:

* delete a webmaster * give webmaster/admin status to any user * change status of a webmaster/admin git-svn-id: http://piwigo.org/svn/trunk@29074 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-06-01 20:04:51 +02:00 · 2014-07-25 09:10:49 +00:00
parent 30fa11fb9a
commit bf58209d7d
3 changed files with 77 additions and 30 deletions
@@ -99,6 +99,18 @@ $protected_users = array(
  $conf['webmaster_id'],
  );

+// an admin can't delete other admin/webmaster
+if ('admin' == $user['status'])
+{
+  $query = '
+SELECT
+    user_id
+  FROM '.USER_INFOS_TABLE.'
+  WHERE status IN (\'webmaster\', \'admin\')
+;';
+  $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
+}
+
 $template->assign(
  array(
    'PWG_TOKEN' => get_pwg_token(),
@@ -117,12 +129,19 @@ $template->assign(
 // Status options
 foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
 {
-  // Only status <= can be assign
-  if (is_autorize_status(get_access_type_status($status)))
-  {
-    $pref_status_options[$status] = l10n('user_status_'.$status);
-  }
+  $label_of_status[$status] = l10n('user_status_'.$status);
 }
+
+$pref_status_options = $label_of_status;
+
+// a simple "admin" can set/remove statuses webmaster/admin
+if ('admin' == $user['status'])
+{
+  unset($pref_status_options['webmaster']);
+  unset($pref_status_options['admin']);
+}
+
+$template->assign('label_of_status', $label_of_status);
 $template->assign('pref_status_options', $pref_status_options);
 $template->assign('pref_status_selected', 'normal');