
Changeset 903


Timestamp:
07/13/07 00:18:13 (7 years ago)
Author:
mdawaffe
Message:

keymasters should not be able to demote themselves. Fixes #685

Location:
trunk
Files:
2 edited

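--- a/trunk/bb-includes/template-functions.php
+++ b/trunk/bb-includes/template-functions.php
@@ -1265,7 +1265,15 @@
         return;
 
+    $bb_current_id = bb_get_current_user_info( 'id' );
+
     $profile_admin_keys = get_profile_admin_keys();
     $assignable_caps = get_assignable_caps();
     $required = false;
+
+    $roles = $bb_roles->role_names;
+    if ( !bb_current_user_can( 'keep_gate' ) )
+        unset($roles['keymaster']);
+    elseif ( $bb_current_id == $user->ID )
+        $roles = array( 'keymaster' => $roles['keymaster'] );
 ?>
 <table id="admininfo">
@@ -1273,7 +1281,7 @@
   <th scope="row"><?php _e('User Type:'); ?></th>
   <td><select name="role">
-<?php foreach( $bb_roles->role_names as $r => $n ) : if ( 'keymaster' != $r || bb_current_user_can('keep_gate') ) : ?>
+<?php foreach( $roles as $r => $n ) : ?>
        <option value="<?php echo $r; ?>"<?php if ( array_key_exists($r, $user->capabilities) ) echo ' selected="selected"'; ?>><?php echo $n; ?></option>
-<?php endif; endforeach; ?>
+<?php endforeach; ?>
       </select>
   </td>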
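Review bot: The `$roles` filtering added at new lines 1273-1277 only decides which `<option>` elements are rendered, so it is a display aid and not an access check. A hand-built form submission can still carry any role value, and the actual decision has to be made in profile-edit.php. A comment above the block would make that explicit, for example `// Display only: the submitted role is validated again in profile-edit.php`. The `elseif` branch also appears to assume that a user with `keep_gate` who edits their own profile currently holds the keymaster role, which the hunk does not show. The enclosing function starts and ends outside the hunk.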
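--- a/trunk/profile-edit.php
+++ b/trunk/profile-edit.php
@@ -78,9 +78,10 @@
         endif;
 
-        if ( bb_current_user_can('edit_users') ) :
+        if ( bb_current_user_can( 'edit_users' ) ) :
             $user_obj = new BB_User( $user->ID );
-            if ( !array_key_exists($role, $user->capabilities) && array_key_exists($role, $bb_roles->roles) ) {
+            if ( ( 'keymaster' != $role || bb_current_user_can( 'keep_gate' ) ) && !array_key_exists($role, $user->capabilities) && array_key_exists($role, $bb_roles->roles) ) {
                 $old_role = $user_obj->roles[0];
-                $user_obj->set_role($role); // Only support one role for now
+                if ( $bb_current_id != $user->ID || 'keymaster' != $old_role ) // keymasters cannot demote themselves
+                    $user_obj->set_role($role); // Only support one role for now
                 if ( 'blocked' == $role && 'blocked' != $old_role )
                     bb_break_password( $user->ID );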
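Review bot: The self-demotion guard added at new line 84 covers only the `set_role()` call, so the unchanged `'blocked' == $role` check at lines 86-87 still runs when a keymaster submits `blocked` for their own account. In that case the role is kept but `bb_break_password( $user->ID )` is still called, which leaves the keymaster locked out. Give the guard braces so it encloses both statements, starting with `if ( $bb_current_id != $user->ID || 'keymaster' != $old_role ) {`. Separately, `$bb_current_id` is not assigned anywhere in this hunk; if profile-edit.php does not set it above line 78, the loose `!=` against `$user->ID` is always true and the guard never fires, so that is worth confirming. The `{` opened at line 82 closes outside the hunk.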