Commit e2d22947 authored by Andrew Robert Nicols's avatar Andrew Robert Nicols
Browse files

Prevent admin users from suspending/deleting themselves if they're the only admin (Closes #616298).


Signed-off-by: default avatarAndrew Robert Nicols <andrew.nicols@luns.net.uk>
parent 77cfd878
...@@ -526,6 +526,15 @@ if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) { ...@@ -526,6 +526,15 @@ if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) {
} }
$smarty->assign('loginas', $loginas); $smarty->assign('loginas', $loginas);
$smarty->assign('PAGEHEADING', TITLE . ': ' . display_name($user)); $smarty->assign('PAGEHEADING', TITLE . ': ' . display_name($user));
# Only allow deletion and suspension of a user if the viewed user is not
# the current user; or if they are the current user, they're not the only
# admin
if ($id != $USER->get('id') || count_records('usr', 'admin', 1, 'deleted', 0) > 1) {
$smarty->assign('suspendable', ($USER->get('admin') || !$user->get('admin') && !$user->get('staff')));
$smarty->assign('deletable', $USER->get('admin'));
}
$smarty->display('admin/users/edit.tpl'); $smarty->display('admin/users/edit.tpl');
?> ?>
...@@ -37,8 +37,7 @@ ...@@ -37,8 +37,7 @@
{/if} {/if}
</td> </td>
<td id="useraccountsettingsright"> <td id="useraccountsettingsright">
<!--<h3>{str tag="suspenduser" section="admin"}</h3>--> {if $suspendable}
{if $USER->get('admin') || (!$user->get('admin') && !$user->get('staff')) }
<div id="suspenddelete"> <div id="suspenddelete">
<h2>{str tag="suspenddeleteuser" section=admin}</h2> <h2>{str tag="suspenddeleteuser" section=admin}</h2>
<p>{str tag="suspenddeleteuserdescription" section=admin}</p> <p>{str tag="suspenddeleteuserdescription" section=admin}</p>
...@@ -46,7 +45,7 @@ ...@@ -46,7 +45,7 @@
<h3>{str tag="suspenduser" section=admin}</h3> <h3>{str tag="suspenduser" section=admin}</h3>
{$suspendform|safe} {$suspendform|safe}
</div> </div>
{if $USER->get('admin')} {if $deletable}
<div id="delete"> <div id="delete">
<h3>{str tag=deleteuser section=admin}</h3> <h3>{str tag=deleteuser section=admin}</h3>
<p>{str tag=deleteusernote section=admin}</p> <p>{str tag=deleteusernote section=admin}</p>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment