diff options
Diffstat (limited to 'editusers.cgi')
| -rwxr-xr-x | editusers.cgi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/editusers.cgi b/editusers.cgi index e153cfbbc..a55fd04a7 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -761,6 +761,18 @@ sub check_user { } ($otherUser && $otherUser->id) || ThrowCodeError('invalid_user', $vars); + if (!$user->in_group('admin')) { + my $insider_group = Bugzilla->params->{insidergroup}; + if ($otherUser->in_group('admin') + || ($otherUser->in_group($insider_group) && !$user->in_group($insider_group)) + ) { + ThrowUserError('auth_failure', { + action => 'modify', + object => 'user' + }); + } + } + return $otherUser; } |