oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed bug allowing admin to create a new user using a username that already exists

Browse source
This commit is contained in:
Roy Johnson 2006-02-18 21:15:08 +00:00
parent bc41c87d62
commit e76ea86b52
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/WebGUI/Operation/User.pm
View file

@ -407,11 +407,14 @@ sub www_editUserSave {
return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary); return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary);
# Check to see if the userId associated with the posted username matches the posted userId # Check to see if
# or that the userId is new # 1) the userId associated with the posted username matches the posted userId (we're editing an account)
# or that the username passed in isn't assigned a userId # or that the userId is new and the username selected is unique (creating new account)
# Also verify that the posted username is not blank # or that the username passed in isn't assigned a userId (changing a username)
if (($existingUserId eq $postedUserId || $postedUserId eq "new" || $existingUserId eq '') #
# Also verify that the posted username is not blank (we need a username)
#
if (($existingUserId eq $postedUserId || ($postedUserId eq "new" && !$existingUserId) || $existingUserId eq '')
&& $session->form->process("username") ne '') && $session->form->process("username") ne '')
{ {
# Create a user object with the id passed in. If the Id is 'new', the new method will return a new user, # Create a user object with the id passed in. If the Id is 'new', the new method will return a new user,