admins with default ACL "deny" are no longer allowed to change their default ACL
authorRoland Häder <roland@mxchange.org>
Tue, 19 Feb 2008 21:11:18 +0000 (21:11 +0000)
committerRoland Häder <roland@mxchange.org>
Tue, 19 Feb 2008 21:11:18 +0000 (21:11 +0000)
inc/libs/admins_functions.php
inc/modules/admin/what-admins_edit.php

index fa205b2..d4ced65 100644 (file)
@@ -200,9 +200,6 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
 
                        // Rewrite cookie when it's own account
                        if ($aid == $id) {
-                               // Timeout
-                               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
-
                                // Set timeout cookie
                                set_session("admin_last", time());
 
@@ -219,8 +216,18 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
 
                        }
 
+                       // Get default ACL from admin to check if we can allow him to change the default ACL
+                       $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+                        array($_SESSION['admin_login']), __FILE__, __LINE__);
+                       list($default) = SQL_FETCHROW($result);
+
+                       // Free result
+                       SQL_FREERESULT($result);
+
                        // Update admin account
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+                       if ($default == "allow") {
+                               // Allow changing default ACL
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
 login='%s'".$ADD.",
 email='%s',
 default_acl='%s',
@@ -233,6 +240,20 @@ WHERE id=%d LIMIT 1",
        $POST['la_mode'][$id],
        $id
 ), __FILE__, __LINE__);
+                       } else {
+                               // Do not allow it here
+                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+login='%s'".$ADD.",
+email='%s',
+la_mode='%s'
+WHERE id=%d LIMIT 1",
+ array(
+       $login,
+       $POST['email'][$id],
+       $POST['la_mode'][$id],
+       $id
+), __FILE__, __LINE__);
+                       }
 
                        // Admin account saved
                        $MSG = ADMIN_ACCOUNT_SAVED;
@@ -272,7 +293,15 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
                        // Prepare some more data for the template
                        $content['sw']          = $SW;
                        $content['id']          = $id;
-                       $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+
+                       // Shall we allow changing default ACL?
+                       if ($content['mode'] == "allow") {
+                               // Allow chaning it
+                               $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+                       } else {
+                               // Don't allow it
+                               $content['mode'] = "&nbsp;";
+                       }
                        $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
 
                        // Load row template and switch color
index 6b54b36..798fe3f 100644 (file)
@@ -53,10 +53,9 @@ if (!empty($_GET['admin'])) {
        $_POST['edit'] = "1";
        $_POST['sel'][$aid] = array("1");
 }
-
 if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) {
        // Edit account(s)
-       ADMINS_EDIT_ACCOUNTS($_POST);
+       ADMINS_EDIT_ADMIN_ACCOUNTS($_POST);
 } elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) {
        // Change admin accounts
        ADMINS_CHANGE_ADMIN_ACCOUNT($_POST);