Changeset 29074
- Timestamp:
- Jul 25, 2014, 11:10:49 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/themes/default/template/user_list.tpl
r28703 r29074 34 34 'true':"{'Yes'|translate}", 35 35 'false':"{'No'|translate}", 36 }; 37 38 var statusLabels = { 39 {foreach from=$label_of_status key=status item=label} 40 '{$status}' : '{$label|escape:javascript}', 41 {/foreach} 36 42 }; 37 43 {/footer_script} … … 261 267 user.email = user.email || ''; 262 268 263 jQuery("#action select[name=status] option").each(function() { 264 if (user.status == jQuery(this).val()) { 265 user.statusLabel = jQuery(this).html(); 266 } 267 }); 269 user.statusLabel = statusLabels[user.status]; 268 270 269 271 /* Render the underscore template */ -
trunk/admin/user_list.php
r26461 r29074 100 100 ); 101 101 102 // an admin can't delete other admin/webmaster 103 if ('admin' == $user['status']) 104 { 105 $query = ' 106 SELECT 107 user_id 108 FROM '.USER_INFOS_TABLE.' 109 WHERE status IN (\'webmaster\', \'admin\') 110 ;'; 111 $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); 112 } 113 102 114 $template->assign( 103 115 array( … … 118 130 foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) 119 131 { 120 // Only status <= can be assign 121 if (is_autorize_status(get_access_type_status($status))) 122 { 123 $pref_status_options[$status] = l10n('user_status_'.$status); 124 } 132 $label_of_status[$status] = l10n('user_status_'.$status); 125 133 } 134 135 $pref_status_options = $label_of_status; 136 137 // a simple "admin" can set/remove statuses webmaster/admin 138 if ('admin' == $user['status']) 139 { 140 unset($pref_status_options['webmaster']); 141 unset($pref_status_options['admin']); 142 } 143 144 $template->assign('label_of_status', $label_of_status); 126 145 $template->assign('pref_status_options', $pref_status_options); 127 146 $template->assign('pref_status_selected', 'normal'); -
trunk/include/ws_functions/pwg.users.php
r28981 r29074 326 326 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 327 327 328 $protected_users = array( 329 $user['id'], 330 $conf['guest_id'], 331 $conf['default_user_id'], 332 $conf['webmaster_id'], 333 ); 334 335 // an admin can't delete other admin/webmaster 336 if ('admin' == $user['status']) 337 { 338 $query = ' 339 SELECT 340 user_id 341 FROM '.USER_INFOS_TABLE.' 342 WHERE status IN (\'webmaster\', \'admin\') 343 ;'; 344 $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); 345 } 346 328 347 // protect some users 329 $params['user_id'] = array_diff( 330 $params['user_id'], 331 array( 332 $user['id'], 333 $conf['guest_id'], 334 $conf['default_user_id'], 335 $conf['webmaster_id'], 336 ) 337 ); 338 348 $params['user_id'] = array_diff($params['user_id'], $protected_users); 349 350 $counter = 0; 351 339 352 foreach ($params['user_id'] as $user_id) 340 353 { 341 354 delete_user($user_id); 355 $counter++; 342 356 } 343 357 344 358 return l10n_dec( 345 359 '%d user deleted', '%d users deleted', 346 count($params['user_id'])360 $counter 347 361 ); 348 362 } … … 419 433 if (!empty($params['status'])) 420 434 { 421 if ( $params['status'] == 'webmaster' and !is_webmaster() ) 422 { 423 return new PwgError(403, 'Only webmasters can grant "webmaster" status'); 424 } 435 if (in_array($params['status'], array('webmaster', 'admin')) and !is_webmaster() ) 436 { 437 return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status'); 438 } 439 425 440 if ( !in_array($params['status'], array('guest','generic','normal','admin','webmaster')) ) 426 441 { 427 442 return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status'); 443 } 444 445 $protected_users = array( 446 $user['id'], 447 $conf['guest_id'], 448 $conf['webmaster_id'], 449 ); 450 451 // an admin can't change status of other admin/webmaster 452 if ('admin' == $user['status']) 453 { 454 $query = ' 455 SELECT 456 user_id 457 FROM '.USER_INFOS_TABLE.' 458 WHERE status IN (\'webmaster\', \'admin\') 459 ;'; 460 $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); 428 461 } 429 462 430 463 // status update query is separated from the rest as not applying to the same 431 464 // set of users (current, guest and webmaster can't be changed) 432 $params['user_id_for_status'] = array_diff( 433 $params['user_id'], 434 array( 435 $user['id'], 436 $conf['guest_id'], 437 $conf['webmaster_id'], 438 ) 439 ); 465 $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users); 440 466 441 467 $update_status = $params['status'];
Note: See TracChangeset
for help on using the changeset viewer.