Merge "Bug 1915963: Bring back masquerading and other admin actions for inst. admin"

7a3f0a8b · Lisa Seeto · Gerrit Code Review · fd5fe78c · 2f961b22 · 7a3f0a8b
Commit 7a3f0a8b authored Mar 05, 2021 by Lisa Seeto Committed by Gerrit Code Review Mar 05, 2021
--- a/htdocs/admin/users/edit.php
+++ b/htdocs/admin/users/edit.php
@@ -792,10 +792,17 @@ $deleteform = pieform(array(

 function edituser_delete_validate(Pieform $form, $values) {
    global $USER, $SESSION;
-    if (!$USER->get('admin')) {
+    $user = new User;
+    $user->find_by_id($values['id']);
+    if (!$USER->is_admin_for_user($user)) {
        $form->set_error('submit', get_string('deletefailed', 'admin'));
        $SESSION->add_error_msg(get_string('deletefailed', 'admin'));
    }
+    // Don't let an admin delete themseleves if they are the last one.
+    if ($values['id'] === $USER->get('id') && $USER->get('admin') && (count_records('usr', 'admin', 1, 'deleted', 0) == 1)) {
+        $form->set_error('submit', get_string('deletefailedonlyadmin', 'admin'));
+        $SESSION->add_error_msg(get_string('deletefailedonlyadmin', 'admin'));
+    }
    // Check to see if there are any pending archives in the export_queue for this user.
    // We can't delete them if there are.
    if ($results = count_records('export_queue', 'usr', $values['id'])) {
@@ -806,10 +813,8 @@ function edituser_delete_validate(Pieform $form, $values) {

 function edituser_delete_submit(Pieform $form, $values) {
    global $SESSION, $USER;
-    if ($USER->get('admin')) {
    delete_user($values['id']);
    $SESSION->add_ok_msg(get_string('userdeletedsuccessfully', 'admin'));
-    }
    redirect('/admin/users/search.php');
 }

@@ -1066,7 +1071,7 @@ $smarty->assign('siteform', $siteform);
 $smarty->assign('institutions', count($allinstitutions));
 $smarty->assign('institutionform', $institutionform);

-$smarty->assign('loginas', $id != $USER->get('id') && is_null($USER->get('parentuser')));
+$smarty->assign('loginas', $USER->is_admin_for_user($user));
 $smarty->assign('PAGEHEADING', display_name($user));
 $smarty->assign('SUBSECTIONHEADING', TITLE);
 setpageicon($smarty, 'icon-user-cog');
@@ -1075,8 +1080,8 @@ setpageicon($smarty, 'icon-user-cog');
 # the current user; or if they are the current user, they're not the only
 # admin
 if ($id != $USER->get('id') || count_records('usr', 'admin', 1, 'deleted', 0) > 1) {
-    $smarty->assign('suspendable', ($USER->get('admin') || !$user->get('admin') && !$user->get('staff')));
-    $smarty->assign('deletable', $USER->get('admin'));
+    $adminforuser = $USER->is_admin_for_user($user);
+    $smarty->assign('suspendable', $adminforuser);
+    $smarty->assign('deletable', $adminforuser);
 }
-
 $smarty->display('admin/users/edit.tpl');
--- a/htdocs/lang/en.utf8/admin.php
+++ b/htdocs/lang/en.utf8/admin.php
@@ -593,6 +593,7 @@ $string['oneormorelinksarebad']              = 'One or more of the links here ar
 $string['confirmdeletemenuitem'] = 'Do you really want to delete this item?';
 $string['deletingmenuitem']    = 'Deleting item';
 $string['deletefailed']        = 'Failed deleting item';
+$string['deletefailedonlyadmin'] = 'You cannot delete this account. It is the only site administrator account.';
 $string['externallink']        = 'External link';
 $string['editlinksandresources'] = 'Edit links and resources';
 $string['linkedto']            = 'Linked to';

--- a/htdocs/theme/raw/templates/header/profileactions.tpl
+++ b/htdocs/theme/raw/templates/header/profileactions.tpl
@@ -12,7 +12,7 @@
                <span class="sr-only">{$loginas}</span>
            </a>

-            {if $USER->get('admin')}
+            {if $adminforuser}
            <a href="{$WWWROOT}admin/users/edit.php?id={$USERID}" class="btn-edit btn btn-secondary" title="{str tag=accountsettings section=admin}">
                <span class="icon-cogs icon left" role="presentation" aria-hidden="true"></span>
                <span class="sr-only">{str tag=accountsettings section=admin}</span>

--- a/htdocs/user/view.php
+++ b/htdocs/user/view.php
@@ -336,7 +336,8 @@ if (!empty($loggedinid) && $loggedinid != $userid) {
    $remoteuserrelationship = $relationship;
 }

-if ($userid != $USER->get('id') && $USER->is_admin_for_user($user) && is_null($USER->get('parentuser'))) {
+$adminforuser = $USER->is_admin_for_user($user);
+if ($userid != $USER->get('id') && $adminforuser && is_null($USER->get('parentuser'))) {
    $loginas = get_string('loginasuser', 'admin', display_username($user));
 } else {
    $loginas = null;
@@ -390,6 +391,7 @@ if ($remoteuserrelationship) {
    $smarty->assign('relationship', $relationship);
 }

+$smarty->assign('adminforuser', $adminforuser);
 $smarty->assign('loginas', $loginas);

 $smarty->assign('INLINEJAVASCRIPT', $blocksjs . $inlinejs);