Fixed issue #16958: User with roles can not have more rights (#1835)

Added a warning message to the assignment of permissions. Modified the controller so that it effectively cleans up the roles when you assign individual permissions.
LimeSurvey · Apr 7, 2021 · 83668ed · 83668ed
1 parent 76f707d
commit 83668ed
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/application/controllers/UserManagementController.php b/application/controllers/UserManagementController.php
@@ -416,6 +416,9 @@ public function actionSaveUserPermissions()
         }
         $userId = Yii::app()->request->getPost('userid');
         $aPermissions = Yii::app()->request->getPost('Permission', []);
+
+        Permissiontemplates::model()->clearUser($userId);
+
         $results = $this->applyPermissionFromArray($userId, $aPermissions);
 
         $oUser = User::model()->findByPk($userId);

diff --git a/application/views/userManagement/partial/editpermissions.php b/application/views/userManagement/partial/editpermissions.php
@@ -66,6 +66,13 @@
                     <?php endforeach; ?>
 
                 </table>
+            <div class="row ls-space margin top-25">
+                <?php if (safecount(Permission::model()->getUserRole($oUser->uid)) > 0 ): ?>
+                    <div class="col-xs-12 alert alert-warning">
+                        <?= gT("Warning: The user has at least one role assigned. Setting individual user permissions will remove all roles from this user!") ?>
+                    </div>
+                <?php endif; ?>
+            </div>
             <div class="row ls-space margin top-25">
                 <button class="btn btn-success col-sm-3 col-xs-5 col-xs-offset-1 selector--submitForm" id="permission-modal-submitForm"><?=gT('Save')?></button>
                 <button class="btn btn-error col-sm-3 col-xs-5 col-xs-offset-1 selector--exitForm" id="permission-modal-exitForm"><?=gT('Cancel')?></button>