* Fixed chief-editor not being able to create editors (garvinhicking)

diff --git a/docs/NEWS b/docs/NEWS
index 726956adf562f674f31b77facde92286022147d8..f093684521539c889f790ecb7132d85b524ff4cc 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,8 @@
 Version 1.0-beta2 ()
 ------------------------------------------------------------------------
 
+   * Fixed chief-editor not being able to create editors (garvinhicking)
+
    * Added turkish language by Ahmet Usal
 
    * Fix also deleting thumbnail when removing an image (garvinhicking)

diff --git a/include/admin/personal.inc.php b/include/admin/personal.inc.php
index 9274641ab0fddd4b4b342c87988355ab93865e0f..be329a053d197df11dd48229c0b84c289386119b 100644 (file)
--- a/include/admin/personal.inc.php
+++ b/include/admin/personal.inc.php
@@ -33,7 +33,13 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
 
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -47,7 +53,7 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid'], false);
                     }
                     continue;
                 }

diff --git a/include/admin/users.inc.php b/include/admin/users.inc.php
index f6342111b0c1d4a643f9a213be09a6a2c9a2023c..e4e610e365f42fbe73537ebe109b29ef5cb263f0 100644 (file)
--- a/include/admin/users.inc.php
+++ b/include/admin/users.inc.php
@@ -52,10 +52,15 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
                         // Void, no fixing neccessarry
 
                     } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
-
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -69,7 +74,7 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                     }
                     continue;
                 }
@@ -111,7 +116,13 @@ if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
 
                         // Check that no user may assign groups he's not allowed to.
                         foreach($_POST[$item['var']] AS $groupkey => $groupval) {
-                            if (in_array($group_val, $valid_groups)) {
+                            if (in_array($groupval, $valid_groups)) {
+                                continue;
+                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
+                                // Admin is allowed to assign users to chief editors
+                                continue;
+                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
+                                // Chief is allowed to assign users to editors
                                 continue;
                             }
 
@@ -125,7 +136,7 @@ if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
                     if (count($_POST[$item['var']]) < 1) {
                         echo '<div class="serendipityAdminMsgError">' . WARNING_NO_GROUPS_SELECTED . '</div>';
                     } else {
-                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user']);
+                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                     }
                     continue;
                 }