Dev : Fixed issue #05510 in php
Dev: a user can deactivate some rights for a superadmin: just access the user rights page, deactivate JavaScript, reload the page and go. PHP now controls more.

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_ci@11171 b72ed6b6-b9f8-46b5-92b4-906544132732
Shnoulle committed Oct 15, 2011
1 parent 009667d commit 0e3e6a1
Showing 2 changed files with 21 additions and 23 deletions.
20 changes: 9 additions & 11 deletions application/controllers/admin/user.php
Expand Up @@ -568,17 +568,10 @@ function userrights()
{
$rights = array();

if(isset($_POST['create_survey']))$rights['create_survey']=1; else $rights['create_survey']=0;
if(isset($_POST['configurator']))$rights['configurator']=1; else $rights['configurator']=0;
if(isset($_POST['create_user']))$rights['create_user']=1; else $rights['create_user']=0;
if(isset($_POST['participant_panel']))$rights['participant_panel']=1; else $rights['participant_panel']=0;
if(isset($_POST['delete_user']))$rights['delete_user']=1; else $rights['delete_user']=0;

// Only Initial Superadmin can give this right
if(isset($_POST['superadmin']))
{
// Am I original Superadmin ?
// Initial SuperAdmin has parent_id == 0
$adminquery = "SELECT uid FROM ".$this->db->dbprefix("users")." WHERE parent_id=0";
$adminresult = db_select_limit_assoc($adminquery, 1);
Expand All @@ -597,9 +590,14 @@ function userrights()
{
$rights['superadmin']=0;
}

if(isset($_POST['manage_template']))$rights['manage_template']=1; else $rights['manage_template']=0;
if(isset($_POST['manage_label']))$rights['manage_label']=1; else $rights['manage_label']=0;

if(isset($_POST['create_survey']) || $rights['superadmin'])$rights['create_survey']=1; else $rights['create_survey']=0;
if(isset($_POST['configurator']) || $rights['superadmin'])$rights['configurator']=1; else $rights['configurator']=0;
if(isset($_POST['create_user']) || $rights['superadmin'])$rights['create_user']=1; else $rights['create_user']=0;
if(isset($_POST['participant_panel']) || $rights['superadmin'])$rights['participant_panel']=1; else $rights['participant_panel']=0;
if(isset($_POST['delete_user']) || $rights['superadmin'])$rights['delete_user']=1; else $rights['delete_user']=0;
if(isset($_POST['manage_template']) || $rights['superadmin'])$rights['manage_template']=1; else $rights['manage_template']=0;
if(isset($_POST['manage_label']) || $rights['superadmin'])$rights['manage_label']=1; else $rights['manage_label']=0;

setuserrights($postuserid, $rights);
$addsummary .= "<div class=\"successheader\">".$clang->gT("User permissions were updated successfully.")."</div>\n";
Expand Down Expand Up @@ -759,4 +757,4 @@ function _refreshtemplates() {
}
return true;
}
}
}
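Review bot: The seven `isset($_POST[...]) || $rights['superadmin']` lines in userrights() repeat the same rule by hand, so a right added later can silently miss the superadmin override that this commit exists to enforce server-side. A single loop keeps the invariant in one place, e.g. `foreach ($rightnames as $r) { $rights[$r] = (isset($_POST[$r]) || $rights['superadmin']) ? 1 : 0; }` with `$rightnames` holding the seven keys, preceded by a comment such as `// superadmin implies every other right; must run after $rights['superadmin'] is decided`. These lines also depend on `$rights['superadmin']` being assigned on every path of the preceding block, part of which is collapsed on this page, so that should be confirmed. userrights() starts and ends outside the hunk.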
24 changes: 12 additions & 12 deletions application/core/Admin_Controller.php
Expand Up @@ -290,18 +290,18 @@ function _GetSessionUserRights($loginID)
//$sresult = db_execute_assoc($squery); //Checked
//if ($sresult->RecordCount()>0)
if($query->num_rows() > 0)
{
//$fields = $sresult->FetchRow();
$fields = $query->row_array();
{
//$fields = $sresult->FetchRow();
$fields = $query->row_array();
$this->session->set_userdata('USER_RIGHT_SUPERADMIN', $fields['superadmin']);
$this->session->set_userdata('USER_RIGHT_CREATE_SURVEY', $fields['create_survey']);
$this->session->set_userdata('USER_RIGHT_PARTICIPANT_PANEL', $fields['participant_panel']);
$this->session->set_userdata('USER_RIGHT_CONFIGURATOR', $fields['configurator']);
$this->session->set_userdata('USER_RIGHT_CREATE_USER', $fields['create_user']);
$this->session->set_userdata('USER_RIGHT_DELETE_USER', $fields['delete_user']);
$this->session->set_userdata('USER_RIGHT_MANAGE_TEMPLATE', $fields['manage_template']);
$this->session->set_userdata('USER_RIGHT_MANAGE_LABEL', $fields['manage_label']);
}
$this->session->set_userdata('USER_RIGHT_CREATE_SURVEY', ($fields['create_survey'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_PARTICIPANT_PANEL', ($fields['participant_panel'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_CONFIGURATOR', ($fields['configurator'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_CREATE_USER', ($fields['create_user'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_DELETE_USER', ($fields['delete_user'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_MANAGE_TEMPLATE', ($fields['manage_template'] || $fields['superadmin']));
$this->session->set_userdata('USER_RIGHT_MANAGE_LABEL', ($fields['manage_label'] || $fields['superadmin']));
}

// SuperAdmins
// * original superadmin with uid=1 unless manually changed and defined
Expand Down Expand Up @@ -409,4 +409,4 @@ function _loadEndScripts()

}

}
}
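Review bot: The seven rewritten `set_userdata` calls in _GetSessionUserRights() now store a PHP boolean (the result of `||`), while `USER_RIGHT_SUPERADMIN` on the line above them still stores the raw `$fields['superadmin']` column value, so the session holds two different types for the same kind of flag. Any consumer that compares strictly or prints the value will see `true`/`false` instead of what the column held; a cast keeps them uniform, e.g. `(int)($fields['create_survey'] || $fields['superadmin'])`. Because the rights are cached in the session, a change made on the user rights page presumably reaches an already logged-in user only when this function runs again, which is worth confirming since the function starts and ends outside the hunk.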
