From d24c8ceae182d821e9f55d952852c03d745726e2 Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Sun, 12 Nov 2006 06:12:15 +0000
Subject: [PATCH] Prevent admins from unassigning themselves   MDL-7462

---
 admin/roles/assign.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/admin/roles/assign.php b/admin/roles/assign.php
index 2f98fa4bca..b36bbf1007 100755
--- a/admin/roles/assign.php
+++ b/admin/roles/assign.php
@@ -157,8 +157,17 @@
 
         } else if ($remove and !empty($frm->removeselect) and confirm_sesskey()) {
 
+            $sitecontext = get_context_instance(CONTEXT_SYSTEM);
+            $topleveladmin = ( ($context->id == $sitecontext->id) && 
+                                has_capability('moodle/site:doanything', $sitecontext) );
+
             foreach ($frm->removeselect as $removeuser) {
                 $removeuser = clean_param($removeuser, PARAM_INT);
+
+                if ($topleveladmin && ($removeuser == $USER->id)) {   // Prevent unassigning oneself from being admin
+                    continue;
+                }
+
                 if (! role_unassign($roleid, $removeuser, 0, $context->id)) {
                     $errors[] = "Could not remove user with id $removeuser from this role!";
                 } else if ($inmeta) {
-- 
2.39.5