admin: allow deletion of any users but yourself
authorFabrixxm <fabrix.xm@gmail.com>
Tue, 23 Jun 2015 08:39:28 +0000 (10:39 +0200)
committerFabrixxm <fabrix.xm@gmail.com>
Tue, 23 Jun 2015 08:39:28 +0000 (10:39 +0200)
fix #1625

mod/admin.php
view/templates/admin_users.tpl
view/theme/quattro/templates/admin_users.tpl

index 78735262c27b26129716cc69d64f4ffc63211b63..abdf7162dfec79afa7b678369e97672adc8f1937 100644 (file)
@@ -792,7 +792,7 @@ function admin_page_users_post(&$a){
        $nu_nickname = ( x($_POST, 'new_user_nickname') ? $_POST['new_user_nickname'] : '');
        $nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : '');
 
-       check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
+       check_form_security_token_redirectOnErr($a->get_baseurl().'/admin/users', 'admin_users');
 
        if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) {
                require_once('include/user.php');
@@ -946,11 +946,8 @@ function admin_page_users(&$a){
                                intval($a->pager['itemspage'])
                                );
 
-       function _setup_users($e){
-               $a = get_app();
-
-               $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
-
+       $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
+       $_setup_users = function ($e) use ($adminlist){
                $accounts = Array(
                        t('Normal Account'),
                        t('Soapbox Account'),
@@ -963,10 +960,11 @@ function admin_page_users(&$a){
                $e['lastitem_date'] = relative_date($e['lastitem_date']);
                //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
                $e['is_admin'] = in_array($e['email'], $adminlist);
+               $e['is_deletable'] = (intval($e['uid']) != local_user());
                $e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
                return $e;
-       }
-       $users = array_map("_setup_users", $users);
+       };
+       $users = array_map($_setup_users, $users);
 
 
        // Get rid of dashes in key names, Smarty3 can't handle them
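Review bot: The added `$e['is_deletable']` line only decides whether the templates render the checkbox and the block/delete links; nothing in this diff makes the server refuse the caller's own uid. Unless the handlers behind `/admin/users/delete/<uid>`, `/admin/users/block/<uid>` and the `user[]` POST already reject it (they are outside these hunks), the "but yourself" rule is enforced only in the UI and should be repeated there, e.g. `if (intval($uid) === intval(local_user())) { /* refuse and redirect */ }`. Because the commit also exposes the controls for other admin accounts, it is worth confirming that is intended on the server side too. The comparison itself uses loose `!=`; `intval($e['uid']) !== intval(local_user())` avoids type juggling if `local_user()` returns a non-integer. The closure starts in the previous hunk.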
index fc3c6377f17b9cf8b3f8c12f36c95ecb708a28ce..3354cfe1a277492c66ea2ca2378cc438f84783f4 100644 (file)
                                                <td class='lastitem_date'>{{$u.lastitem_date}}</td>
                                                <td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td>
                                                <td class="checkbox"> 
-                                    {{if $u.is_admin}}
-                                        &nbsp;
-                                    {{else}}
-                                        <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
-                                    {{/if}}
+                                               {{if $u.is_deletable}}
+                                                       <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
+                                               {{else}}
+                                                       &nbsp;
+                                               {{/if}}
                                                <td class="tools">
-                                    {{if $u.is_admin}}
-                                        &nbsp;
-                                    {{else}}
-                                        <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a>
-                                        <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a>
-                                    {{/if}}
+                                               {{if $u.is_deletable}}
+                                                       <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a>
+                                                       <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a>
+                                               {{else}}
+                                                       &nbsp;
+                                               {{/if}}
                                                </td>
                                        </tr>
                                {{/foreach}}
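Review bot: The `</td>` that closes the checkbox cell sits inside the `{{if $u.is_deletable}}` branch, at the end of the `<input type="checkbox" ... name="user[]" .../></td>` line, so a row that takes the `{{else}}` branch (the viewer's own account) leaves `<td class="checkbox">` unclosed before `<td class="tools">` opens. Move the `</td>` to the line after `{{/if}}` so both branches emit the same table structure. The same lines appear in view/theme/quattro/templates/admin_users.tpl.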
index 249f1f6728a1a7476d48c8069e5ff47522f2584b..7f5ae2dfbc25d21fcfb2a994ddab17acb088e077 100644 (file)
                                                <td class='lastitem_date'>{{$u.lastitem_date}}</td>
                                                <td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td>
                                                <td class="checkbox"> 
-                                    {{if $u.is_admin}}
-                                        &nbsp;
-                                    {{else}}
-                                        <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
-                                    {{/if}}
+                                               {{if $u.is_deletable}}
+                                                       <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
+                                               {{else}}
+                                                       &nbsp;
+                                               {{/if}}
                                                <td class="tools">
-                                    {{if $u.is_admin}}
-                                        &nbsp;
-                                    {{else}}
-                                        <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon {{if $u.blocked==0}}unlock{{else}}lock{{/if}}'></span></a>
-                                        <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon delete'></span></a>
-                                    {{/if}}
+                                               {{if $u.is_deletable}}
+                                                       <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon {{if $u.blocked==0}}unlock{{else}}lock{{/if}}'></span></a>
+                                                       <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon delete'></span></a>
+                                               {{else}}
+                                                       &nbsp;
+                                               {{/if}}
                                                </td>
                                        </tr>
                                {{/foreach}}
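Review bot: `{{$u.name}}` is written into a single-quoted JavaScript string inside the `onclick` attribute of the delete link, and after this change that link is rendered for every account except the viewer's own. Whether the template engine auto-escapes here is not visible in the diff; HTML escaping alone would not be sufficient, because entity-encoded quotes are decoded before the handler runs. Escape for the JavaScript string first and for the attribute second, e.g. `confirm_delete('{{$u.name|escape:'javascript'|escape:'html'}}')`, or pass the name through a `data-` attribute and read it in the handler. The same line appears in view/templates/admin_users.tpl.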