Skip to content
Permalink
Browse files

merged fix for MDL-10149, preventing the deletion of the last admin role

  • Loading branch information...
toyomoyo
toyomoyo committed Jul 19, 2007
1 parent d670dbe commit 60ace1e1149d4b484d788063d66becea4ec048c1
Showing with 27 additions and 0 deletions.
  1. +27 −0 lib/accesslib.php
@@ -1961,6 +1961,33 @@ function create_role($name, $shortname, $description, $legacy='') {
function delete_role($roleid) {
$success = true;
// mdl 10149, check if this is the last active admin role
// if we make the admin role not deletable then this part can go
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
if ($role = get_record('role', 'id', $roleid)) {
if (record_exists('role_capabilities', 'contextid', $systemcontext->id, 'roleid', $roleid, 'capability', 'moodle/site:doanything')) {
// deleting an admin role
$status = false;
if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) {
foreach ($adminroles as $adminrole) {
if ($adminrole->id != $roleid) {
// some other admin role
if (record_exists('role_assignments', 'roleid', $adminrole->id, 'contextid', $systemcontext->id)) {
// found another admin role with at least 1 user assigned
$status = true;
break;
}
}
}
}
if ($status !== true) {
error ('You can not delete this role because there is no other admin roles with users assigned');
}
}
}
// first unssign all users
if (!role_unassign($roleid)) {
debugging("Error while unassigning all users from role with ID $roleid!");

0 comments on commit 60ace1e

Please sign in to comment.
You can’t perform that action at this time.