Changeset 29074 for trunk/admin


Ignore:
Timestamp:
Jul 25, 2014, 11:10:49 AM (10 years ago)
Author:
plg
Message:

bug 3104: less rights for admins (compared to webmaster). Now an admin can't:

  • delete a webmaster
  • give webmaster/admin status to any user
  • change status of a webmaster/admin
Location:
trunk/admin
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/admin/themes/default/template/user_list.tpl

    r28703 r29074  
    3434  'true':"{'Yes'|translate}",
    3535  'false':"{'No'|translate}",
     36};
     37
     38var statusLabels = {
     39{foreach from=$label_of_status key=status item=label}
     40  '{$status}' : '{$label|escape:javascript}',
     41{/foreach}
    3642};
    3743{/footer_script}
     
    261267          user.email = user.email || '';
    262268         
    263           jQuery("#action select[name=status] option").each(function() {
    264             if (user.status == jQuery(this).val()) {
    265               user.statusLabel = jQuery(this).html();
    266             }
    267           });
     269          user.statusLabel = statusLabels[user.status];
    268270         
    269271                      /* Render the underscore template */

  • trunk/admin/user_list.php

    r26461 r29074  
    100100  );
    101101
     102// an admin can't delete other admin/webmaster
     103if ('admin' == $user['status'])
     104{
     105  $query = '
     106SELECT
     107    user_id
     108  FROM '.USER_INFOS_TABLE.'
     109  WHERE status IN (\'webmaster\', \'admin\')
     110;';
     111  $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
     112}
     113
    102114$template->assign(
    103115  array(
     
    118130foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
    119131{
    120   // Only status <= can be assign
    121   if (is_autorize_status(get_access_type_status($status)))
    122   {
    123     $pref_status_options[$status] = l10n('user_status_'.$status);
    124   }
     132  $label_of_status[$status] = l10n('user_status_'.$status);
    125133}
     134
     135$pref_status_options = $label_of_status;
     136
     137// a simple "admin" can set/remove statuses webmaster/admin
     138if ('admin' == $user['status'])
     139{
     140  unset($pref_status_options['webmaster']);
     141  unset($pref_status_options['admin']);
     142}
     143
     144$template->assign('label_of_status', $label_of_status);
    126145$template->assign('pref_status_options', $pref_status_options);
    127146$template->assign('pref_status_selected', 'normal');
Note: See TracChangeset for help on using the changeset viewer.