From: garvinhicking Date: Mon, 24 Oct 2005 17:19:59 +0000 (+0000) Subject: Try to fix some userlevel stuff X-Git-Tag: 0.9~30 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5a16b835003f4e51ac55bd6455ff9b95e5b4b06e;p=s9y.git Try to fix some userlevel stuff
---
diff --git a/include/admin/personal.inc.php b/include/admin/personal.inc.php
index 0815ee8..a0c9944 100644
--- a/include/admin/personal.inc.php
+++ b/include/admin/personal.inc.php
@@ -14,7 +14,8 @@ $from = array();
 if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()) {
 $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
- if (!serendipity_checkPermission('adminUsersEditUserlevel') && (int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
+ if ( (!serendipity_checkPermission('adminUsersEditUserlevel') || !serendipity_checkPermission('adminUsersMaintainOthers') )
+ && (int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
 echo '
' . CREATE_NOT_AUTHORIZED_USERLEVEL . '
';
 } elseif (!empty($_POST['password']) && $_POST['check_password'] != $_SESSION['serendipityPassword'] && md5($_POST['check_password']) != $_SESSION['serendipityPassword']) {
 echo '
' . USERCONF_CHECK_PASSWORD_ERROR . '
';
@@ -22,6 +23,25 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
 foreach($config as $category) {
 foreach ($category['items'] as $item) {
 if (in_array('groups', $item['flags'])) {
+ if (serendipity_checkPermission('adminUsersMaintainOthers')) {
+
+ // Void, no fixing neccessarry
+
+ } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
+
+ // Check that no user may assign groups he's not allowed to.
+ foreach($_POST[$item['var']] AS $groupkey => $groupval) {
+ if (in_array($group_val, $valid_groups)) {
+ continue;
+ }
+
+ unset($_POST[$item['var']][$groupkey]);
+ }
+
+ } else {
+ continue;
+ }
+
 serendipity_updateGroups($_POST[$item['var']], $serendipity['authorid']);
 continue;
 }
@@ -34,6 +54,15 @@ if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()
 serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['authorid']);
 }
 }
+
+ $pl_data = array(
+ 'authorid' => $serendipity['POST']['authorid'],
+ 'username' => $_POST['username'],
+ 'realname' => $_POST['realname'],
+ 'email' => $_POST['email']
+ );
+ serendipity_updatePermalink($pl_data, 'author');
+ serendipity_plugin_api::hook_event('backend_users_edit', $pl_data);
 }
 $from = $_POST;
 ?>
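Review bot: The `elseif` directly after the changed userlevel condition still accepts `$_POST['check_password']` when it equals `$_SESSION['serendipityPassword']` unhashed, and both comparisons on that line use loose `!=`; the commit leaves this untouched. Given the `md5()` alternative beside it, the session value is presumably the stored MD5, in which case submitting the hash itself satisfies the confirmation without knowledge of the password, and loose comparison can treat two different numeric-looking strings as equal. Unless the session can legitimately hold a plaintext password, I would keep only the hashed form and compare strictly: `md5($_POST['check_password']) !== $_SESSION['serendipityPassword']`. The bodies of both branches were altered by the page rendering and the chain continues outside this hunk.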
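Review bot: The group filter in the `adminUsersMaintainSame` branch tests `$group_val`, but the loop variable is `$groupval`, and `$valid_groups` is never assigned anywhere in the visible hunk. As written, `in_array()` receives two undefined values, so the allow-list check does not evaluate the submitted groups at all; every entry is most likely unset, and the outcome depends on PHP's handling of null arguments rather than on policy. The test should read `if (in_array($groupval, $valid_groups)) {`, with `$valid_groups` built before the loop from the groups the acting user belongs to, and the `foreach` guarded with `is_array($_POST[$item['var']])` since the field comes straight from the request. The enclosing loops start and end outside this hunk.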
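Review bot: `$pl_data['authorid']` is taken from `$serendipity['POST']['authorid']`, while every write above it in this file (`serendipity_updateGroups`, `serendipity_set_config_var`) is keyed on `$serendipity['authorid']`. On the personal-settings page that lets the request choose which author's permalink is rewritten and which id is passed to the `backend_users_edit` hook, independent of who is logged in. I would use `'authorid' => $serendipity['authorid'],` here. The `username`, `realname` and `email` values also go to both calls straight from `$_POST`, so it is worth confirming that `serendipity_updatePermalink()` and the hook consumers escape them. The closing brace after the added lines belongs to a block opened outside the hunk.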