[geeklog-cvs] geeklog: Don't allow to add/remove users to/from the All Users a...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Wed Apr 29 06:16:27 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8761e07824a3
changeset: 6996:8761e07824a3
user: Dirk Haun <dirk at haun-online.de>
date: Wed Apr 29 12:16:17 2009 +0200
description:
Don't allow to add/remove users to/from the All Users and Logged-in Users groups via the group editor (bugs #0000863 and #0000864)
diffstat:
3 files changed, 69 insertions(+), 57 deletions(-)
public_html/admin/group.php | 12 +++-
public_html/docs/history | 2
system/lib-admin.php | 112 ++++++++++++++++++++++---------------------
diffs (161 lines):
diff -r f716802f814b -r 8761e07824a3 public_html/admin/group.php
--- a/public_html/admin/group.php Tue Apr 28 21:43:52 2009 +0200
+++ b/public_html/admin/group.php Wed Apr 29 12:16:17 2009 +0200
@@ -899,14 +899,18 @@
$retval = '';
+ $grp_name = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = $group");
+
$thisUsersGroups = SEC_getUserGroups();
$groupName = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id='$group'");
- if (!empty($group) && ($group > 0) && !in_array($group, $thisUsersGroups) &&
- !SEC_groupIsRemoteUserAndHaveAccess($group, $thisUsersGroups)) {
+ if ((!empty($group) && ($group > 0) &&
+ !in_array($group, $thisUsersGroups) &&
+ !SEC_groupIsRemoteUserAndHaveAccess($group, $thisUsersGroups))
+ || (($grp_name == 'All Users') ||
+ ($grp_name == 'Logged-in Users'))) {
$retval .= COM_startBlock($LANG_ACCESS['usergroupadmin'], '',
COM_getBlockTemplate('_msg_block', 'header'));
- if (!SEC_inGroup('Root') && (DB_getItem($_TABLES['groups'],
- 'grp_name', "grp_id = $group") == 'Root')) {
+ if (!SEC_inGroup('Root') && ($grp_name == 'Root')) {
$retval .= $LANG_ACCESS['canteditroot'];
COM_accessLog("User {$_USER['username']} tried to edit the Root group with insufficient privileges.");
} else {
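Review bot: The new `All Users` / `Logged-in Users` rejection sits in the code that builds the user-group admin block, and this commit touches no other part of group.php, so the handler that saves membership changes presumably still accepts a directly submitted request for these two groups; the same name check should be repeated there before any write. Separately, the added `$grp_name` lookup interpolates `$group` unquoted (`"grp_id = $group"`) and now runs before the `!empty($group) && ($group > 0)` test, whereas the old unquoted lookup ran only inside that branch. `$groupName`, fetched two lines below with the quoted form, already holds the same value, so the condition could use `($groupName == 'All Users') || ($groupName == 'Logged-in Users')` and the Root test `($groupName == 'Root')`, dropping the extra query. The enclosing function starts and ends outside the hunk, so whether `$group` is forced to an integer earlier cannot be confirmed from here.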
diff -r f716802f814b -r 8761e07824a3 public_html/docs/history
--- a/public_html/docs/history Tue Apr 28 21:43:52 2009 +0200
+++ b/public_html/docs/history Wed Apr 29 12:16:17 2009 +0200
@@ -11,6 +11,8 @@
+ Comment moderation and editable comments, by Jared Wenerd
Other changes:
+- Don't allow to add/remove users to/from the All Users and Logged-in Users
+ groups via the group editor (bugs #0000863 and #0000864) [Dirk]
- Cosmetic changes to the form to add/remove users to/from groups, for
consistency with the other admin panels [Dirk]
- Document where CUSTOM_templateSetVars is actually called from (bug #0000862)
diff -r f716802f814b -r 8761e07824a3 system/lib-admin.php
--- a/system/lib-admin.php Tue Apr 28 21:43:52 2009 +0200
+++ b/system/lib-admin.php Wed Apr 29 12:16:17 2009 +0200
@@ -703,60 +703,66 @@
$show_all_groups = true;
}
- if (in_array ($A['grp_id'], $thisUsersGroups ) ||
- SEC_groupIsRemoteUserAndHaveAccess( $A['grp_id'], $thisUsersGroups )) {
+ if (in_array($A['grp_id'], $thisUsersGroups) ||
+ SEC_groupIsRemoteUserAndHaveAccess($A['grp_id'], $thisUsersGroups)) {
switch($fieldname) {
- case 'edit':
- if ($show_all_groups) {
- $retval = COM_createLink($icon_arr['edit'],
- "{$_CONF['site_admin_url']}/group.php?mode=edit&grp_id={$A['grp_id']}&chk_showall=1");
- } else {
- $retval = COM_createLink($icon_arr['edit'],
- "{$_CONF['site_admin_url']}/group.php?mode=edit&grp_id={$A['grp_id']}");
- }
- break;
- case 'grp_gl_core':
- if ($A['grp_gl_core'] == 1) {
- $retval = $LANG_ACCESS['yes'];
- } else {
- $retval = $LANG_ACCESS['no'];
- }
- break;
- case 'list':
- if ($show_all_groups) {
- $retval = COM_createLink($icon_arr['list'],
- "{$_CONF['site_admin_url']}/group.php?mode=listusers&grp_id={$A['grp_id']}&chk_showall=1")
- ." "
- . COM_createLink($icon_arr['edit'],
- "{$_CONF['site_admin_url']}/group.php?mode=editusers&grp_id={$A['grp_id']}&chk_showall=1");
- } else {
- $retval = COM_createLink($icon_arr['list'],
- "{$_CONF['site_admin_url']}/group.php?mode=listusers&grp_id={$A['grp_id']}")
- ." "
- . COM_createLink($icon_arr['edit'],
- "{$_CONF['site_admin_url']}/group.php?mode=editusers&grp_id={$A['grp_id']}");
- }
- break;
- case 'checkbox':
- $retval = '<input type="checkbox" name="groups[]" value="'
- . $A['grp_id'] . '"';
- if (is_array($selected) && in_array($A['grp_id'], $selected)) {
- $retval .= ' checked="checked"';
- }
- $retval .= XHTML . '>';
- break;
- case 'disabled-checkbox':
- $retval = '<input type="checkbox" checked="checked" '
- . 'disabled="disabled"' . XHTML . '>'
- . '<input type="hidden" name="groups[]" value="'
- . $A['grp_id'] . '"' . XHTML . '>';
- break;
- case 'grp_name':
- $retval = ucwords($fieldvalue);
- break;
- default:
- $retval = $fieldvalue;
- break;
+ case 'edit':
+ $url = $_CONF['site_admin_url'] . '/group.php?mode=edit&grp_id='
+ . $A['grp_id'];
+ if ($show_all_groups) {
+ $url .= '&chk_showall=1';
+ }
+ $retval = COM_createLink($icon_arr['edit'], $url);
+ break;
+
+ case 'grp_gl_core':
+ if ($A['grp_gl_core'] == 1) {
+ $retval = $LANG_ACCESS['yes'];
+ } else {
+ $retval = $LANG_ACCESS['no'];
+ }
+ break;
+
+ case 'list':
+ $url = $_CONF['site_admin_url'] . '/group.php?mode=';
+ if ($show_all_groups) {
+ $param = '&grp_id=' . $A['grp_id'] . '&chk_showall=1';
+ } else {
+ $param = '&grp_id=' . $A['grp_id'];
+ }
+
+ $retval = COM_createLink($icon_arr['list'],
+ $url . 'listusers' . $param);
+ if (($A['grp_name'] != 'All Users') &&
+ ($A['grp_name'] != 'Logged-in Users')) {
+ $retval .= ' ' . COM_createLink($icon_arr['edit'],
+ $url . 'editusers' . $param);
+ }
+ break;
+
+ case 'checkbox':
+ $retval = '<input type="checkbox" name="groups[]" value="'
+ . $A['grp_id'] . '"';
+ if (is_array($selected) && in_array($A['grp_id'], $selected)) {
+ $retval .= ' checked="checked"';
+ }
+ $retval .= XHTML . '>';
+ break;
+
+ case 'disabled-checkbox':
+ $retval = '<input type="checkbox" checked="checked" '
+ . 'disabled="disabled"' . XHTML . '>'
+ . '<input type="hidden" name="groups[]" value="'
+ . $A['grp_id'] . '"' . XHTML . '>';
+ break;
+
+ case 'grp_name':
+ $retval = ucwords($fieldvalue);
+ break;
+
+ default:
+ $retval = $fieldvalue;
+ break;
}
}
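Review bot: The `editusers` link in the `'list'` case is suppressed by comparing `$A['grp_name']` with the literals `'All Users'` and `'Logged-in Users'`, the same pair that group.php compares in its own condition, so the two copies can drift apart if a third fixed-membership group is ever added. A small shared helper that answers whether a group name has fixed membership, called from both files, would keep the listing and the enforcement in step. Hiding the link is presentation only; the server-side check in group.php is the actual control, and a one-line comment such as `// UI hint only; group.php enforces this` above the comparison would make that clear to the next maintainer. The enclosing function starts outside the hunk.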