if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()) {
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
- if (!serendipity_checkPermission('adminUsersEditUserlevel') && (int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
+ if ( (!serendipity_checkPermission('adminUsersEditUserlevel') || !serendipity_checkPermission('adminUsersMaintainOthers') )
+ && (int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
} elseif (!empty($_POST['password']) && $_POST['check_password'] != $_SESSION['serendipityPassword'] && md5($_POST['check_password']) != $_SESSION['serendipityPassword']) {
echo '<div class="serendipityAdminMsgError">' . USERCONF_CHECK_PASSWORD_ERROR . '</div>';
foreach($config as $category) {
foreach ($category['items'] as $item) {
if (in_array('groups', $item['flags'])) {
+ if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+
+ // Void, no fixing neccessarry
+
+ } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+
+ // Check that no user may assign groups he's not allowed to.
+ foreach($_POST[$item['var']] AS $groupkey => $groupval) {
+ if (in_array($group_val, $valid_groups)) {
+ continue;
+ }
+
+ unset($_POST[$item['var']][$groupkey]);
+ }
+
+ } else {
+ continue;
+ }
+
serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid']);
continue;
}
serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['authorid']);
}
}
+
+ $pl_data = array(
+ 'authorid' => $serendipity['POST']['authorid'],
+ 'username' => $_POST['username'],
+ 'realname' => $_POST['realname'],
+ 'email' => $_POST['email']
+ );
+ serendipity_updatePermalink($pl_data, 'author');
+ serendipity_plugin_api::hook_event('backend_users_edit', $pl_data);
}
$from = $_POST;
?>
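Review bot: The group filter in the `adminUsersMaintainSame` branch tests `$group_val`, but the loop variable is `$groupval`, so `in_array()` receives an undefined (null) value and the check never looks at the submitted group id. With the loose comparison `in_array()` uses by default, the outcome is unrelated to what was posted: usually every entry is unset, while a null-equal member of `$valid_groups` (such as `0` or `''`) would let every entry pass. The line should read `if (in_array($groupval, $valid_groups)) {`. `$valid_groups` is not assigned in the visible lines, so confirm it is populated before this loop, and guard the `foreach` with `is_array($_POST[$item['var']])` because the field comes straight from the request. Separately, `$pl_data` takes `authorid` from `$serendipity['POST']['authorid']` while the updates above it use `$serendipity['authorid']`; passing the session value to `serendipity_updatePermalink()` and the `backend_users_edit` hook would keep the request from naming a different author.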