Commit 6e445b8f authored by Eugene Venter's avatar Eugene Venter

admin/user/edit: when admin updates a user's account details, remove user's...

admin/user/edit: when admin updates a user's account details, remove user's sessions (if currently logged in)
parent 047127c1
......@@ -187,6 +187,8 @@ function edituser_site_validate(Pieform $form, $values) {
}
function edituser_site_submit(Pieform $form, $values) {
global $USER;
if (!$user = get_record('usr', 'id', $values['id'])) {
return false;
}
......@@ -199,7 +201,11 @@ function edituser_site_submit(Pieform $form, $values) {
$user->quota = $values['quota'];
$user->expiry = db_format_timestamp($values['expiry']);
global $USER;
// Try to kick the user from any active login sessions, before saving data.
require_once(get_config('docroot') . 'auth/session.php');
remove_user_sessions($user->id);
if ($USER->get('admin')) { // Not editable by institutional admins
$user->staff = (int) ($values['staff'] == 'on');
$user->admin = (int) ($values['admin'] == 'on');
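Review bot: Calling `remove_user_sessions($user->id);` before the record is saved, as its comment states, leaves a window in which the user can log back in and obtain a fresh session built from the old account data, so a change such as a cleared `admin` or `staff` flag may not be reflected in that new session. It also logs the user out even if the later save fails. I would move the `require_once(get_config('docroot') . 'auth/session.php');` and `remove_user_sessions($user->id);` lines to directly after the user record has been written successfully; that write is outside this hunk, so the exact position needs checking against the rest of edituser_site_submit. It is also worth confirming the behaviour when an admin edits their own account, since `$user->id` would then match the current `$USER` and their own session would apparently be removed mid-submit.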
......
......@@ -502,6 +502,7 @@ $string['addusertoinstitution'] = 'Add User to Institution';
$string['removeuserfrominstitution'] = 'Remove user from this institution';
$string['confirmremoveuserfrominstitution'] = 'Are you sure you want to remove the user from this institution?';
$string['usereditdescription'] = 'Here you can view and set details for this user account. Below, you can also <a href="#suspend">suspend or delete this account</a>, or change settings for this user in the <a href="#institutions">institutions they are in</a>.';
$string['usereditwarning'] = 'NOTE: Saving the account changes will cause the user to be logged out (if currently logged in)';
$string['suspenddeleteuser'] = 'Suspend/Delete User';
$string['suspenddeleteuserdescription'] = 'Here you may suspend or entirely delete a user account. Suspended users are unable to log in until their account is unsuspended. Please note that while a suspension can be undone, deletion <strong>cannot</strong> be undone.';
$string['deleteusernote'] = 'Please note that this operation <strong>cannot be undone</strong>.';
......
......@@ -26,6 +26,7 @@
</td>
<td id="useraccountsettingsleft"><h2>{str tag="siteaccountsettings" section="admin"}</h2>
<p>{str tag="usereditdescription" section="admin"}</p>
<p class="errmsg">{str tag="usereditwarning" section="admin"}</p>
{$siteform|safe}
<hr />
{if ($institutions)}
......@@ -59,4 +60,4 @@
</tr></table>
</div>
{include file="footer.tpl"}
\ No newline at end of file
{include file="footer.tpl"}