From 132df2144fab92262dce7b6ad26782f6e62ec857 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Thu, 23 Jan 2014 10:31:19 +0100 Subject: [PATCH] Prevent that the type of a sys_user that belongs to a client or reseller can be changed to admin. --- interface/web/admin/lib/lang/en_users.lng | 1 + interface/web/admin/users_edit.php | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/interface/web/admin/lib/lang/en_users.lng b/interface/web/admin/lib/lang/en_users.lng index 9eec3222a..09b8ac305 100644 --- a/interface/web/admin/lib/lang/en_users.lng +++ b/interface/web/admin/lib/lang/en_users.lng @@ -30,4 +30,5 @@ $wb['repeat_password_txt'] = 'Repeat Password'; $wb['password_mismatch_txt'] = 'The passwords do not match.'; $wb['password_match_txt'] = 'The passwords do match.'; $wb['username_error_collision'] = 'The username may not be web or web plus a number."'; +$wb['client_not_admin_err'] = 'A user that belongs to a client can not be set to type: admin'; ?> diff --git a/interface/web/admin/users_edit.php b/interface/web/admin/users_edit.php index 5eab80a9b..2b1be7f0f 100644 --- a/interface/web/admin/users_edit.php +++ b/interface/web/admin/users_edit.php @@ -66,7 +66,14 @@ class page_action extends tform_actions { if(@is_array($this->dataRecord['modules']) && !in_array($this->dataRecord['startmodule'], $this->dataRecord['modules'])) { $app->tform->errorMessage .= $app->tform->wordbook['startmodule_err']; } + $this->oldDataRecord = $app->tform->getDataRecord($this->id); + + //* A user that belongs to a client record (client or reseller) may not have typ admin + if(isset($this->dataRecord['typ']) && $this->dataRecord['typ'][0] == 'admin' && $this->oldDataRecord['client_id'] > 0) { + $app->tform->errorMessage .= $app->tform->wordbook['client_not_admin_err']; + } + } /* -- GitLab