* Fixed chief-editor not being able to create editors (garvinhicking)

diff --git a/docs/NEWS b/docs/NEWS
index 6c40f7f653688f4b12eff8b7737c7afad04ce590..f5b056036db772066d9d1d464197d364c03fe1da 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -36,6 +36,8 @@ Version 1.1-alpha1()
 Version 1.0-beta2 ()
 ------------------------------------------------------------------------
 
+   * Fixed chief-editor not being able to create editors (garvinhicking)
+
    * Added turkish language by Ahmet Usal
 
    * Fix also deleting thumbnail when removing an image (garvinhicking)

diff --git a/include/admin/personal.inc.php b/include/admin/personal.inc.php
index ce562ea440c067ceae994fba1676db18291daded..6d56e6156a6df5e881ee7dcea8463261855b4c28 100644 (file)
--- a/include/admin/personal.inc.php
+++ b/include/admin/personal.inc.php
@@ -35,7 +35,13 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
 
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -49,7 +55,7 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid'], false);
                     }
                     continue;
                 }

diff --git a/include/admin/users.inc.php b/include/admin/users.inc.php
index f6342111b0c1d4a643f9a213be09a6a2c9a2023c..e4e610e365f42fbe73537ebe109b29ef5cb263f0 100644 (file)
--- a/include/admin/users.inc.php
+++ b/include/admin/users.inc.php
@@ -52,10 +52,15 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
                         // Void, no fixing neccessarry
 
                     } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
-
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -69,7 +74,7 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                     }
                     continue;
                 }
@@ -111,7 +116,13 @@ if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
 
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -125,7 +136,7 @@ if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                     }
                     continue;
                 }