From 7b8f9027a084bbbe28c531014194b08e3dc1716c Mon Sep 17 00:00:00 2001
From: Colin Kuskie
Date: Mon, 22 Mar 2010 15:56:39 -0700
Subject: [PATCH] Admin cannot be removed from admin group. An admin cannot remove themself from the Admin group. Fixes #11481.
---
 docs/changelog/7.x.x.txt | 1 +
 lib/WebGUI/Operation/User.pm | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 9119fc078..4f1a3178d 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -10,6 +10,7 @@
 - fixed #11482: Template hard-coded in deactivateAccount
 - fixed #11485: RedirectAfterLoginUrl Setting should not override returnUrl and redirectAfterLogin scratch
 - fixed #11466: Can't delete attached file in CS
+ - fixed #11481: Problem assignment group Admin to an User
 7.9.0
 - added #11383: AJAX username checks at registration (Luke Robinson / Orchard Solutions)
diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm
index 7f3a6f4ca..975b0a054 100644
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@@ -720,9 +720,9 @@ sub www_editUser {
 my @include;
 foreach my $group (@exclude) {
 unless (
- $group eq "1" || $group eq "2" || $group eq "7" # can't remove user from magic groups
- || ($session->user->userId eq $u->userId && $group eq 3) # cannot remove self from admin
- || ($u->isAdmin && $group eq "3") # admin user cannot be remove from admin
+ $group eq "1" || $group eq "2" || $group eq "7" # can't remove user from magic groups
+ || ($session->user->userId eq $uid && $group eq 3) # cannot remove self from admin
+ || ($uid eq '3' && $group eq "3") # user Admin cannot be removed from admin group
 ) {
 push(@include,$group);
 }
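Review bot: Both admin guards in the `unless` condition now key on `$uid`, which is assigned outside this hunk, where the removed lines used the loaded user object (`$u->userId`, `$u->isAdmin`). If `$uid` is the raw request value rather than the id of the `$u` whose groups are changed, the guard and the modified account could disagree, so confirm they are the same id or write `$session->user->userId eq $u->userId` and `$u->userId eq '3'`. The literal 3 also means two different things here (the built-in Admin user id and the admin group id) and is written as `3`, `"3"` and `'3'` on adjacent lines; consistent quoting and a comment such as `# '3' is both the Admin userId and the admin groupId` would make this privilege check easier to audit. With `$u->isAdmin` gone, any other member of the admin group can now be removed by another admin, which appears to be the intent of #11481 but deserves a line in the comment. The body of `www_editUser` starts and ends outside the hunk.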