summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
-rw-r--r--web/lib/acctfuncs.inc.php29
1 files changed, 29 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 3fd23ae4..81e06b6a 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1015,3 +1015,32 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal, $dbh=NULL) {
$q = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . intval($voteid) . ", " . intval($uid) . ")";
$result = $dbh->exec($q);
}
+
+/**
+ * Verify a user has the proper permissions to edit an account
+ *
+ * @param string $atype Account type of the editing user
+ * @param array $acctinfo User account information for edited account
+ * @param int $uid User ID of the editing user
+ *
+ * @return bool True if permission to edit the account, otherwise false
+ */
+function can_edit_account($atype, $acctinfo, $uid) {
+ /* Developers can edit any account */
+ if ($atype == 'Developer') {
+ return true;
+ }
+
+ /* Trusted Users can edit all accounts except Developer accounts */
+ if ($atype == 'Trusted User' &&
+ $acctinfo['AccountType'] != 'Developer') {
+ return true;
+ }
+
+ /* Users can edit only their own account */
+ if ($acctinfo['ID'] == $uid) {
+ return true;
+ }
+
+ return false;
+}