Tell people when we're preventing them from acessing the admin section.

Also make the admin user search results output links to the user profile instead of the admin section when the logged in user can't edit that person. Saves a redirect. Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>

Tell people when we're preventing them from acessing the admin section.
Also make the admin user search results output links to the user profile instead of the admin section when the logged in user can't edit that person. Saves a redirect. Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>
ee9ace6f · Nigel McNie · 52f4db9c · ee9ace6f · ee9ace6f · ee9ace6f
Commit ee9ace6f authored Oct 23, 2009 by Nigel McNie
--- a/htdocs/admin/users/edit.php
+++ b/htdocs/admin/users/edit.php
@@ -40,7 +40,8 @@ $user = new User;
 $user->find_by_id($id);

 if (!$USER->is_admin_for_user($user)) {
-    redirect(get_config('wwwroot').'user/view.php?id='.$id);
+    $SESSION->add_error_msg(get_string('youcannotadministerthisuser', 'admin'));
+    redirect('/user/view.php?id=' . $id);
 }



--- a/htdocs/lang/en.utf8/admin.php
+++ b/htdocs/lang/en.utf8/admin.php
@@ -381,6 +381,7 @@ $string['usereditdescription'] = 'Here you can view and set details for this use
 $string['suspenddeleteuser'] = 'Suspend/Delete User';
 $string['suspenddeleteuserdescription'] = 'Here you may suspend or entirely delete a user account. Suspended users are unable to log in until their account is unsuspended. Please note that while a suspension can be undone, deletion <strong>cannot</strong> be undone.';
 $string['deleteusernote'] = 'Please note that this operation <strong>cannot be undone</strong>.';
+$string['youcannotadministerthisuser'] = 'You cannot administer this user';

 // Add User
 $string['adduser'] = 'Add User';

--- a/htdocs/lib/searchlib.php
+++ b/htdocs/lib/searchlib.php
@@ -286,15 +286,8 @@ function build_admin_user_search_results($search, $offset, $limit, $sortby, $sor
    $searchurl = get_config('wwwroot') . 'admin/users/search.php?' . join('&amp;', $params)
        . '&amp;limit=' . $limit;

-    $usernametemplate = '<a href="' . get_config('wwwroot') . 'admin/users/edit.php?id={$r.id}">{$r.username|escape}</a>';
-    if (!$USER->get('admin')) {
-        // Only create the edit link if the returned user belongs to an institution that the viewer administers
-        $cond = array();
-        foreach ($USER->get('admininstitutions') as $i) {
-            $cond[] = 'isset($r.institutions.' . $i . ')';
-        }
-        $usernametemplate = '{if ' . join('||', $cond) . '}' . $usernametemplate . '{else}{$r.username}{/if}';
-    }
+    $usernametemplate = '<a href="' . get_config('wwwroot')
+        . '{if $USER->is_admin_for_user($r.id)}admin/users/edit.php?id={$r.id}{else}user/view.php?id={$r.id}{/if}">{$r.username|escape}</a>';

    $cols = array(
        'icon'        => array('name'     => '',