Revize 2073
Přidáno uživatelem David Raška před asi 11 roky(ů)
freenetis/branches/1.1/application/controllers/members.php | ||
---|---|---|
if (!$is_former)
|
||
{
|
||
// change password link
|
||
if ($this->acl_check_edit('Users_Controller', 'password', $member->id))
|
||
if ($this->acl_check_edit('Users_Controller', 'password', $member->id) &&
|
||
!($user->is_user_in_aro_group($user->id, Aro_group_Model::ADMINS) &&
|
||
$user->id != $this->user_id
|
||
))
|
||
{
|
||
$user_links[] = html::anchor(
|
||
'users/change_password/'.$user->id, __('Change password'),
|
freenetis/branches/1.1/application/controllers/users.php | ||
---|---|---|
Controller::error(RECORD);
|
||
|
||
// access control
|
||
if (!$this->acl_check_edit(get_class($this), 'password', $user->member_id))
|
||
if (!$this->acl_check_edit(get_class($this), 'password', $user->member_id) ||
|
||
($user->is_user_in_aro_group($user->id, Aro_group_Model::ADMINS) &&
|
||
$user->id != $this->user_id
|
||
))
|
||
Controller::error(ACCESS);
|
||
|
||
$this->_user_id = $user_id;
|
freenetis/branches/1.1/application/models/user.php | ||
---|---|---|
}
|
||
|
||
/**
|
||
* Checks if user is in ARO group
|
||
*
|
||
* @param int $user_id User ID
|
||
* @param int $aro_group ARO Group
|
||
* @return int
|
||
*/
|
||
public function is_user_in_aro_group($user_id, $aro_group)
|
||
{
|
||
return $this->db->query("
|
||
SELECT ag.id
|
||
FROM aro_groups ag
|
||
JOIN groups_aro_map gam ON ag.id = gam.group_id
|
||
WHERE ag.id = ? AND
|
||
gam.aro_id = ?
|
||
", $aro_group, $user_id)->count();
|
||
}
|
||
|
||
/**
|
||
* Gets array of users for selectbox
|
||
*
|
||
* @return array[string]
|
freenetis/branches/1.1/application/views/users/show.php | ||
---|---|---|
{
|
||
$links[] = html::anchor('requests/show_by_user/'.$user_data->id,__('Show requests'));
|
||
}
|
||
if ($this->acl_check_edit(get_class($this),'password',$user_data->member_id))
|
||
if ($this->acl_check_edit(get_class($this),'password',$user_data->member_id) && !($user_data->is_user_in_aro_group($user_data->id, Aro_group_Model::ADMINS) && $user_data->id != $this->user_id ))
|
||
$links[] = html::anchor('users/change_password/'.$user_data->id,__('Change password'));
|
||
if ($this->acl_check_edit(get_class($this), 'application_password', $user_data->member_id))
|
||
$links[] = html::anchor('users/change_application_password/'.$user_data->id, __('Change application password'));
|
Také k dispozici: Unified diff
Opravy:
- fixes #522 - Administratorovi nemuze nikdo menit heslo, jen on sam