Make sure super admin is never locked out.

Role overriding seemed in the wrong order for shared users, to be verified
pydio · Sep 19, 2014 · d119ff2 · d119ff2
1 parent c70aed2
commit d119ff2
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/core/src/plugins/core.conf/class.AbstractAjxpUser.php b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
@@ -223,11 +223,11 @@ public function removeLock()
 
     public function getLock()
     {
+        if($this->isAdmin() && $this->getGroupPath() == "/") return false;
         if (!empty($this->rights["ajxp.lock"])) {
             return $this->rights["ajxp.lock"];
         }
         return $this->mergedRole->filterParameterValue('core.conf', 'USER_LOCK_ACTION', AJXP_REPO_SCOPE_ALL, false);
-        //return false;
     }
 
     public function isAdmin()
@@ -431,14 +431,14 @@ public function recomputeMergedRole()
             //... but we want the parent user's role, filtered with inheritable properties only.
             $stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser);
             if ($stretchedParentUserRole !== null) {
-                $this->parentRole = $this->parentRole->override($stretchedParentUserRole);
+                $this->parentRole = $stretchedParentUserRole->override($this->parentRole);  //$this->parentRole->override($stretchedParentUserRole);
                 // REAPPLY SPECIFIC "SHARED" ROLES
                 foreach ($this->roles as $role) {
                     if(! $role->autoAppliesTo("shared")) continue;
                     $this->parentRole = $role->override($this->parentRole);
                 }
             }
-            $this->mergedRole = $this->parentRole->override($this->personalRole);
+            $this->mergedRole = $this->personalRole->override($this->parentRole);  // $this->parentRole->override($this->personalRole);
         }
     }