From 92a22a4f1fe7980a34786afe082a355704903934 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Mon, 6 Jun 2005 07:45:00 +0000 Subject: [PATCH] Change of behavior: If a user does not have a certain privilege, he should not be able to set that privilege for others / other groups --- include/admin/groups.inc.php | 2 +- include/functions_config.inc.php | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/admin/groups.inc.php b/include/admin/groups.inc.php index 323822b..1897924 100644 --- a/include/admin/groups.inc.php +++ b/include/admin/groups.inc.php @@ -153,7 +153,7 @@ foreach($allusers AS $user) { $section = $perm; } - if (in_array('protected', $userlevels, true) && !serendipity_checkPermission($perm)) { + if (!serendipity_checkPermission($perm)) { echo "\n"; echo "$indent" . htmlspecialchars($perm) . "\n"; echo '' . $indentB . ' ' . (!empty($selected) ? YES : NO) . '' . "\n"; diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index 961a40c..06b9ebf 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -567,7 +567,7 @@ function serendipity_getPermissionNames() { 'adminUsersMaintainSame' => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF), 'adminUsersMaintainOthers' - => array('protected', USERLEVEL_ADMIN), + => array(USERLEVEL_ADMIN), 'adminUsersCreateNew' => array(USERLEVEL_ADMIN, USERLEVEL_CHIEF), 'adminUsersGroups' @@ -862,8 +862,12 @@ function serendipity_updateGroupConfig($groupid, &$perms, &$values) { $value = 'false'; } - if (in_array('protected', $userlevels) && !serendipity_checkPermission($perm)) { - $value = $storage[$perm]; + if (!serendipity_checkPermission($perm)) { + if (!isset($storage[$perm])) { + $value = 'false'; + } else { + $value = $storage[$perm]; + } } serendipity_db_query( -- 2.39.5