]> git.mjollnir.org Git - s9y.git/commitdiff
projects / s9y.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 818fd12)
fix user checks
authorgarvinhicking <garvinhicking>
Thu, 8 Dec 2005 11:03:32 +0000 (11:03 +0000)
committergarvinhicking <garvinhicking>
Thu, 8 Dec 2005 11:03:32 +0000 (11:03 +0000)
docs/NEWS patch | blob | history
include/admin/users.inc.php patch | blob | history

diff --git a/docs/NEWS b/docs/NEWS
index e2eba8ae8da0f81c4964537114cfd62086af9db0..ab175ffd4da8a9a3fc07f2055773682352ba69af 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,11 @@
 Version 0.9.2 ()
 ------------------------------------------------------------------------
 
+   * Fix not being able to create users of the same userlevel when
+     being admin [workaround was to first create user with lower userlevel
+     and then edit the user account, which lead to propper permission 
+     checks]
+
    * Include a template's "config.inc.php" also when previewing an entry,
      so that custom functions can be called (garvinhicking)
 
diff --git a/include/admin/users.inc.php b/include/admin/users.inc.php
index 67df299e8dd55834940bbd9e395a37b42745d9ce..5e413f797167bb5a4f2eef8bfc4ac9d238dcc9d2 100644 (file)
--- a/include/admin/users.inc.php
+++ b/include/admin/users.inc.php
@@ -15,7 +15,7 @@ require_once(S9Y_INCLUDE_PATH . 'include/functions_installer.inc.php');
 /* Delete a user */
 if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
     $user = serendipity_fetchUsers($serendipity['POST']['user']);
-    if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersDelete')) {
+    if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) {
         echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
     } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
         echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
@@ -36,7 +36,7 @@ if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
 
 /* Save new user */
 if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
-    if ($_POST['userlevel'] >= $serendipity['serendipityUserlevel'] || !serendipity_checkPermission('adminUsersCreateNew')) {
+    if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $_POST['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersCreateNew')) {
         echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
     } else {
         $serendipity['POST']['user'] = serendipity_addAuthor($_POST['username'], $_POST['pass'], $_POST['realname'], $_POST['email'], $_POST['userlevel']);
import of upstream's svn repo, along with my own branches