diff options
| author | cyeh%bluemartini.com <> | 2000-09-16 07:20:54 +0200 |
|---|---|---|
| committer | cyeh%bluemartini.com <> | 2000-09-16 07:20:54 +0200 |
| commit | ee4d32501ab47578743ac075f37733dcd4b0eb31 (patch) | |
| tree | 03bccb0176b5a5f88bf54f2e6fd90e8f9cd42480 /editusers.cgi | |
| parent | 391664703db43356450e6e471e30f4053a2e62a2 (diff) | |
| download | bugzilla-ee4d32501ab47578743ac075f37733dcd4b0eb31.tar.gz bugzilla-ee4d32501ab47578743ac075f37733dcd4b0eb31.tar.xz | |
front end fix for 31456: Editing a superuser clears their access flags
patch by jmrobin@tgix.com
Diffstat (limited to 'editusers.cgi')
| -rwxr-xr-x | editusers.cgi | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/editusers.cgi b/editusers.cgi index 3af80a86a..e5784c8db 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -746,27 +746,33 @@ if ($action eq 'update') { SendSQL("SELECT groupset FROM profiles WHERE login_name=" . SqlQuote($userold)); $groupsetold = FetchOneColumn(); - SendSQL("UPDATE profiles - SET groupset = + # Updated, 5/7/00, Joe Robins + # We don't want to change the groupset of a superuser. + if($groupsetold eq $::superusergroupset) { + print "Cannot change permissions of superuser.\n"; + } else { + SendSQL("UPDATE profiles + SET groupset = groupset - (groupset & $opblessgroupset) + $groupset - WHERE login_name=" . SqlQuote($userold)); - - # I'm paranoid that someone who I give the ability to bless people - # will start misusing it. Let's log who blesses who (even though - # nothing actually uses this log right now). - my $fieldid = GetFieldID("groupset"); - SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" . - SqlQuote($userold)); - my $u; - ($u, $groupset) = (FetchSQLData()); - if ($groupset ne $groupsetold) { - SendSQL("INSERT INTO profiles_activity " . - "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " . - "VALUES " . - "($u, $::userid, now(), $fieldid, " . - " $groupsetold, $groupset)"); - } - print "Updated permissions.\n"; + WHERE login_name=" . SqlQuote($userold)); + + # I'm paranoid that someone who I give the ability to bless people + # will start misusing it. Let's log who blesses who (even though + # nothing actually uses this log right now). + my $fieldid = GetFieldID("groupset"); + SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" . + SqlQuote($userold)); + my $u; + ($u, $groupset) = (FetchSQLData()); + if ($groupset ne $groupsetold) { + SendSQL("INSERT INTO profiles_activity " . + "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " . + "VALUES " . + "($u, $::userid, now(), $fieldid, " . + " $groupsetold, $groupset)"); + } + print "Updated permissions.\n"; + } } if ($editall && $blessgroupset ne $blessgroupsetold) { |