From 37a2fee2fb1affc2a3a16242109f44b14cb82723 Mon Sep 17 00:00:00 2001
From: Damien Regad <damien.regad@merckgroup.com>
Date: Thu, 29 Nov 2012 10:31:34 +0100
Subject: [PATCH] Don't send notif mail when updating Protected account's
 Access Level

Prior to this, Mantis would effectively not update the protected user
account's 'Access Level' field, but would still send a notification to
the user informing them that the field was modified, causing confusion.

The confirmation message for protected account update was reworded.

Fixes #15247
---
 lang/strings_english.txt | 2 +-
 manage_user_update.php   | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lang/strings_english.txt b/lang/strings_english.txt
index 4e1317e063..e0eaf62c0e 100644
--- a/lang/strings_english.txt
+++ b/lang/strings_english.txt
@@ -916,7 +916,7 @@ If you requested this verification, visit the following URL to change your passw
 	'account_unlock_msg' => 'The account has been unlocked.',
 
 	# manage_user_update.php
-	'manage_user_protected_msg' => 'Account protected. Access level and enabled protected. Otherwise, account has been updated...',
+	'manage_user_protected_msg' => 'Account protected; the \'Access Level\' and \'Enabled\' fields cannot be modified. Other fields were successfully updated.',
 	'manage_user_updated_msg' => 'Account successfully updated...',
 	'email_user_updated_subject' => 'Account updated',
 	'email_user_updated_msg' => 'Your account has been updated by an administrator. A list of these changes is provided below. You can update your account details and preferences at any time by visiting the following URL:',
diff --git a/manage_user_update.php b/manage_user_update.php
index 004bc99401..ef9da89b50 100644
--- a/manage_user_update.php
+++ b/manage_user_update.php
@@ -164,6 +164,8 @@
 				protected=" . db_param() . ", realname=" . db_param() . "
 			WHERE id=" . db_param();
 	$query_params = Array( $c_username, $c_email, $c_protected, $c_realname, $c_user_id );
+	# Prevent e-mail notification for a change that did not happen
+	$f_access_level = $t_old_access_level;
 } else {
 	$query = "UPDATE $t_user_table
 			SET username=" . db_param() . ", email=" . db_param() . ",