// Rewrite cookie when it's own account
if ($aid == $id) {
- // Timeout
- $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
-
// Set timeout cookie
set_session("admin_last", time());
}
+ // Get default ACL from admin to check if we can allow him to change the default ACL
+ $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ array($_SESSION['admin_login']), __FILE__, __LINE__);
+ list($default) = SQL_FETCHROW($result);
+
+ // Free result
+ SQL_FREERESULT($result);
+
// Update admin account
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+ if ($default == "allow") {
+ // Allow changing default ACL
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
login='%s'".$ADD.",
email='%s',
default_acl='%s',
$POST['la_mode'][$id],
$id
), __FILE__, __LINE__);
+ } else {
+ // Do not allow it here
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+login='%s'".$ADD.",
+email='%s',
+la_mode='%s'
+WHERE id=%d LIMIT 1",
+ array(
+ $login,
+ $POST['email'][$id],
+ $POST['la_mode'][$id],
+ $id
+), __FILE__, __LINE__);
+ }
// Admin account saved
$MSG = ADMIN_ACCOUNT_SAVED;
// Prepare some more data for the template
$content['sw'] = $SW;
$content['id'] = $id;
- $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+
+ // Shall we allow changing default ACL?
+ if ($content['mode'] == "allow") {
+ // Allow chaning it
+ $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+ } else {
+ // Don't allow it
+ $content['mode'] = " ";
+ }
$content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
// Load row template and switch color
projects / mailer.git / blobdiff