From ab6e23979a94ee3f68efca58da90137e88a95236 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 19 Feb 2008 21:11:18 +0000 Subject: [PATCH] admins with default ACL "deny" are no longer allowed to change their default ACL --- inc/libs/admins_functions.php | 39 ++++++++++++++++++++++---- inc/modules/admin/what-admins_edit.php | 3 +- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index fa205b2f54..d4ced65b01 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -200,9 +200,6 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { // Rewrite cookie when it's own account if ($aid == $id) { - // Timeout - $TIMEOUT = time() + bigintval($_SESSION['admin_to']); - // Set timeout cookie set_session("admin_last", time()); @@ -219,8 +216,18 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { } + // Get default ACL from admin to check if we can allow him to change the default ACL + $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", + array($_SESSION['admin_login']), __FILE__, __LINE__); + list($default) = SQL_FETCHROW($result); + + // Free result + SQL_FREERESULT($result); + // Update admin account - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET + if ($default == "allow") { + // Allow changing default ACL + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login='%s'".$ADD.", email='%s', default_acl='%s', @@ -233,6 +240,20 @@ WHERE id=%d LIMIT 1", $POST['la_mode'][$id], $id ), __FILE__, __LINE__); + } else { + // Do not allow it here + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET +login='%s'".$ADD.", +email='%s', +la_mode='%s' +WHERE id=%d LIMIT 1", + array( + $login, + $POST['email'][$id], + $POST['la_mode'][$id], + $id +), __FILE__, __LINE__); + } // Admin account saved $MSG = ADMIN_ACCOUNT_SAVED; 
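Review bot: The gate added before the UPDATE looks up `default_acl` for `$_SESSION['admin_login']` (the logged-in admin), while the UPDATE is keyed on `$id` (the account being edited), so it limits who may write the column rather than which account's value may change. A comment such as `// Only admins whose own default ACL is "allow" may write default_acl, for any account` would record that intent. When the lookup returns no row, `$default` ends up NULL and the restrictive branch runs, which is the safe outcome but an implicit one; `if ($default === "allow") {` would make the fail-closed comparison deliberate. The value bound to `default_acl='%s'` is passed in lines between this hunk and the next and is not visible here; if it comes from `$POST`, check it against `allow`/`deny` before the query. The function starts and ends outside the hunk.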
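Review bot: The new `else` branch still updates `login`, `email`, `la_mode` and whatever `$ADD` carries for any `$id`, so an admin whose own ACL is not `allow` can keep editing other admins' accounts unless a check outside this hunk prevents it. If restricted admins are meant to manage only their own account, narrow the branch to `} elseif ($aid == $id) {` (the own-account comparison already used earlier in the function) and add a final `else` that rejects the change. `$POST['la_mode'][$id]` goes into the query without being compared to the accepted values; `in_array($POST['la_mode'][$id], array("global", "OLD", "NEW"), true)` before the UPDATE would close that. The two statements differ only in the `default_acl` column, so building that fragment conditionally would avoid maintaining two copies of the query.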
@@ -272,7 +293,15 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { // Prepare some more data for the template $content['sw'] = $SW; $content['id'] = $id; - $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']); + + // Shall we allow changing default ACL? + if ($content['mode'] == "allow") { + // Allow chaning it + $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']); + } else { + // Don't allow it + $content['mode'] = " "; + } $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']); // Load row template and switch color diff --git a/inc/modules/admin/what-admins_edit.php b/inc/modules/admin/what-admins_edit.php index 6b54b36c2a..798fe3f48f 100644 --- a/inc/modules/admin/what-admins_edit.php +++ b/inc/modules/admin/what-admins_edit.php @@ -53,10 +53,9 @@ if (!empty($_GET['admin'])) { $_POST['edit'] = "1"; $_POST['sel'][$aid] = array("1"); } - if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) { // Edit account(s) - ADMINS_EDIT_ACCOUNTS($_POST); + ADMINS_EDIT_ADMIN_ACCOUNTS($_POST); } elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0)) { // Change admin accounts ADMINS_CHANGE_ADMIN_ACCOUNT($_POST); -- 2.30.2
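Review bot: The form decides on `$content['mode']`, which appears to be the default ACL of the account row being edited, whereas ADMINS_CHANGE_ADMIN_ACCOUNT decides on the logged-in admin's own `default_acl`; the two checks should use the same subject. As written, an `allow` admin editing a `deny` account probably gets no option lines and posts no mode value, yet the server takes the branch that writes `default_acl='%s'`, which would store an empty value. Either base this branch on the current admin's ACL as well, or have the save path leave `default_acl` out of the UPDATE when no mode was submitted. Hiding the options is presentation only, so a comment like `// UI hint only; ADMINS_CHANGE_ADMIN_ACCOUNT enforces this` would help, and "chaning" in the new comment should read "changing". The function body continues outside the hunk.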