From c44a5a1bb67aec26882d6e8a982080d5127e6f48 Mon Sep 17 00:00:00 2001 From: Colin Kuskie Date: Tue, 11 Dec 2007 21:04:21 +0000 Subject: [PATCH] forward porting secondary admin group access privileges when creating users --- docs/changelog/7.x.x.txt | 2 ++ lib/WebGUI/Operation/User.pm | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 734e91622..2a95c367d 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -14,6 +14,8 @@ requestAutoCommit - fix: Some urls cause an asset to be inaccessible after creation/editing (perlDreamer Consulting, LLC.) http://www.plainblack.com/bugs/tracker/some-urls-cause-an-asset-to-be-inaccessible-after-creation/editing + - fix: Secondary Admin can create user with Admin Privilege (IRC:blacksilver) + http://www.plainblack.com/bugs/tracker/secondary-admin-can-create-user-with-admin-privilege 7.4.17 - fix: double width characters encoded incorrectly in Collaboration RSS feed diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index f1ea9736f..912db4a12 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm 
@@ -404,12 +404,18 @@ sub www_editUser {
 $tabform->getTab("profile")->fieldSetEnd($category->getLabel);
 }
 my @groupsToAdd = $session->form->group("groupsToAdd");
- my @exclude = $session->db->buildArray("select groupId from groupings where userId=".$session->db->quote($u->userId));
+ my @exclude = $session->db->buildArray("select groupId from groupings where userId=?",[$u->userId]);
 @exclude = (@exclude,"1","2","7");
+ my $secondaryAdmin = $session->user->isInGroup('11');
+ my @extraExclude = ();
+ if ($secondaryAdmin && !$session->user->isInGroup(3)) {
+ @extraExclude = $session->db->buildArray('select groupId from groups where groupId not in (select groupId from groupings where userId=?)',[$session->user->userId]);
+ }
+ push @extraExclude, @exclude;
 $tabform->getTab("groups")->group(
 -name=>"groupsToAdd",
 -label=>$i18n->get("groups to add"),
- -excludeGroups=>\@exclude,
+ -excludeGroups=>\@extraExclude,
 -size=>15,
 -multiple=>1,
 -value=>\@groupsToAdd
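Review bot: The new `@extraExclude` list only narrows what the `groupsToAdd` picker renders in the form, so it is a display filter rather than an authorization check. Nothing in this hunk constrains the `groupsToAdd` values the server later accepts, and the code that saves them is outside the hunk (`www_editUser` itself starts and ends outside it), so confirm that the save path rejects any submitted group the acting secondary admin does not belong to. If it does not, the same allowed set should be computed once in a shared helper and used both here and when saving; at minimum add `# UI filter only: the save handler must re-check groupsToAdd against this list` above the `if`. The subquery also reads only direct rows in `groupings`, which may not match what `isInGroup` treats as membership (inherited or expired groupings), so it is worth verifying that the two agree. Finally, the bare IDs `'11'` and `3` are quoted inconsistently and would be clearer with a short comment naming the groups they stand for.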