Commit 5c4e7ec2 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Don't let users delete themselves if they belong to an institution that doesn't allow registration


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent e02c9b26
......@@ -730,7 +730,14 @@ class User {
public function can_delete_self() {
if (!$this->get('admin')) {
return true; // institution setting?
// Users who belong to an institution that doesn't allow
// registration cannot delete themselves.
foreach ($this->get('institutions') as $i) {
if (!$i->registerallowed) {
return false;
}
}
return true;
}
// The last admin user should not be deleted.
return count_records('usr', 'admin', 1, 'deleted', 0) > 1;
......
......@@ -437,7 +437,7 @@ $string['institutionexpiry'] = 'Institution expiry date';
$string['institutionexpirydescription'] = 'The date at which this institutions membership of %s will be suspended.';
$string['institutionupdatedsuccessfully'] = 'Institution updated successfully.';
$string['registrationallowed'] = 'Registration allowed?';
$string['registrationalloweddescription2'] = 'Whether users can register for your site for this institution using the registration form. If registration is off, non-members cannot request membership of the institution, and members cannot leave the institution voluntarily.';
$string['registrationalloweddescription2'] = 'Whether users can register for your site for this institution using the registration form. If registration is off, non-members cannot request membership of the institution, and members cannot leave the institution or delete their user accounts voluntarily.';
$string['defaultmembershipperiod'] = 'Default membership period';
$string['defaultmembershipperioddescription'] = 'How long new members remain associated with the institution';
$string['authenticatedby'] = 'Authentication Method';
......
......@@ -979,7 +979,7 @@ function load_user_institutions($userid) {
throw new InvalidArgumentException("couldn't load institutions, no user id specified");
}
if ($institutions = get_records_sql_assoc('
SELECT u.institution,'.db_format_tsfield('ctime').','.db_format_tsfield('u.expiry', 'membership_expiry').',u.studentid,u.staff,u.admin,i.theme
SELECT u.institution,'.db_format_tsfield('ctime').','.db_format_tsfield('u.expiry', 'membership_expiry').',u.studentid,u.staff,u.admin,i.theme,i.registerallowed
FROM {usr_institution} u INNER JOIN {institution} i ON u.institution = i.name
WHERE u.usr = ?', array($userid))) {
return $institutions;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment