From ee4d32501ab47578743ac075f37733dcd4b0eb31 Mon Sep 17 00:00:00 2001
From: "cyeh%bluemartini.com" <>
Date: Sat, 16 Sep 2000 05:20:54 +0000
Subject: front end fix for 31456: Editing a superuser clears their access flags patch by jmrobin@tgix.com
---
 editusers.cgi | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)
(limited to 'editusers.cgi')
diff --git a/editusers.cgi b/editusers.cgi
index 3af80a86a..e5784c8db 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -746,27 +746,33 @@ if ($action eq 'update') {
  SendSQL("SELECT groupset FROM profiles WHERE login_name=" .
  SqlQuote($userold));
  $groupsetold = FetchOneColumn();
- SendSQL("UPDATE profiles
- SET groupset =
+ # Updated, 5/7/00, Joe Robins
+ # We don't want to change the groupset of a superuser.
+ if($groupsetold eq $::superusergroupset) {
+ print "Cannot change permissions of superuser.\n";
+ } else {
+ SendSQL("UPDATE profiles
+ SET groupset =
  groupset - (groupset & $opblessgroupset) + $groupset
- WHERE login_name=" . SqlQuote($userold));
-
- # I'm paranoid that someone who I give the ability to bless people
- # will start misusing it. Let's log who blesses who (even though
- # nothing actually uses this log right now).
- my $fieldid = GetFieldID("groupset");
- SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" .
- SqlQuote($userold));
- my $u;
- ($u, $groupset) = (FetchSQLData());
- if ($groupset ne $groupsetold) {
- SendSQL("INSERT INTO profiles_activity " .
- "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " .
- "VALUES " .
- "($u, $::userid, now(), $fieldid, " .
- " $groupsetold, $groupset)");
- }
- print "Updated permissions.\n";
+ WHERE login_name=" . SqlQuote($userold));
+
+ # I'm paranoid that someone who I give the ability to bless people
+ # will start misusing it. Let's log who blesses who (even though
+ # nothing actually uses this log right now).
+ my $fieldid = GetFieldID("groupset");
+ SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" .
+ SqlQuote($userold));
+ my $u;
+ ($u, $groupset) = (FetchSQLData());
+ if ($groupset ne $groupsetold) {
+ SendSQL("INSERT INTO profiles_activity " .
+ "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " .
+ "VALUES " .
+ "($u, $::userid, now(), $fieldid, " .
+ " $groupsetold, $groupset)");
+ }
+ print "Updated permissions.\n";
+ }
  }
 
  if ($editall && $blessgroupset ne $blessgroupsetold) {
-- 
cgit v1.2.3-24-g4f1b
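Review bot: The UPDATE in the new else branch splices `$opblessgroupset` and `$groupset` straight into the SQL text, while `$userold` in the same statement goes through `SqlQuote`. Where those two values are assigned is outside the hunk, so this matters only if they can carry form input; if they can, reject anything that is not a plain decimal number before the statement is built, e.g. `die "Invalid groupset" unless $groupset =~ /\A\d+\z/;` (assuming the value is a single integer at that point). The refusal branch also only prints a message, so a blocked attempt to edit a superuser leaves no row in profiles_activity; recording it would make such attempts visible to whoever reviews that table. The enclosing `if ($action eq 'update')` block begins before the hunk.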