Changeset 29074 for trunk/include
- Timestamp:
- Jul 25, 2014, 11:10:49 AM (10 years ago)
- File:
-
- 1 edited
trunk/include/ws_functions/pwg.users.php
r28981 r29074 326 326 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 327 327 328 $protected_users = array( 329 $user['id'], 330 $conf['guest_id'], 331 $conf['default_user_id'], 332 $conf['webmaster_id'], 333 ); 334 335 // an admin can't delete other admin/webmaster 336 if ('admin' == $user['status']) 337 { 338 $query = ' 339 SELECT 340 user_id 341 FROM '.USER_INFOS_TABLE.' 342 WHERE status IN (\'webmaster\', \'admin\') 343 ;'; 344 $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); 345 } 346 328 347 // protect some users 329 $params['user_id'] = array_diff( 330 $params['user_id'], 331 array( 332 $user['id'], 333 $conf['guest_id'], 334 $conf['default_user_id'], 335 $conf['webmaster_id'], 336 ) 337 ); 338 348 $params['user_id'] = array_diff($params['user_id'], $protected_users); 349 350 $counter = 0; 351 339 352 foreach ($params['user_id'] as $user_id) 340 353 { 341 354 delete_user($user_id); 355 $counter++; 342 356 } 343 357 344 358 return l10n_dec( 345 359 '%d user deleted', '%d users deleted', 346 count($params['user_id'])360 $counter 347 361 ); 348 362 } … … 419 433 if (!empty($params['status'])) 420 434 { 421 if ( $params['status'] == 'webmaster' and !is_webmaster() ) 422 { 423 return new PwgError(403, 'Only webmasters can grant "webmaster" status'); 424 } 435 if (in_array($params['status'], array('webmaster', 'admin')) and !is_webmaster() ) 436 { 437 return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status'); 438 } 439 425 440 if ( !in_array($params['status'], array('guest','generic','normal','admin','webmaster')) ) 426 441 { 427 442 return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status'); 443 } 444 445 $protected_users = array( 446 $user['id'], 447 $conf['guest_id'], 448 $conf['webmaster_id'], 449 ); 450 451 // an admin can't change status of other admin/webmaster 452 if ('admin' == $user['status']) 453 { 454 $query = ' 455 SELECT 456 user_id 457 FROM '.USER_INFOS_TABLE.' 
458 WHERE status IN (\'webmaster\', \'admin\') 459 ;'; 460 $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); 428 461 } 429 462 430 463 // status update query is separated from the rest as not applying to the same 431 464 // set of users (current, guest and webmaster can't be changed) 432 $params['user_id_for_status'] = array_diff( 433 $params['user_id'], 434 array( 435 $user['id'], 436 $conf['guest_id'], 437 $conf['webmaster_id'], 438 ) 439 ); 465 $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users); 440 466 441 467 $update_status = $params['status'];
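Review bot: The added admin/webmaster protection is gated on `if ('admin' == $user['status'])` (new lines 336 and 452), while the grant check at new line 435 uses `!is_webmaster()`; the two should agree, and the fail-closed form is `if (!is_webmaster())`, so every caller who is not a webmaster gets the extended protected list, not only callers whose status string is exactly 'admin'. Whether any other status can reach this code depends on the method's access check, which is outside the shown hunks. In the second hunk the filtered list only feeds `$params['user_id_for_status']`; the existing comment says the status update is separated "from the rest", so if the remainder of the function (not visible here) updates other fields against the unfiltered `$params['user_id']`, an admin could presumably still modify another admin or webmaster account, and that path deserves the same check. The identical `SELECT user_id ... WHERE status IN ('webmaster', 'admin')` is also built twice and would be easier to keep consistent as one shared helper.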