Members of the owner group may not remove themselves

diff --git a/wcfsetup/install/files/acp/templates/userAdd.tpl b/wcfsetup/install/files/acp/templates/userAdd.tpl
index aab3972fece9978e5e4af6b1b3e1b616b12fd44a..cdf770f1f23c114287cb4f7d7d051357dc3c1bab 100644 (file)
--- a/wcfsetup/install/files/acp/templates/userAdd.tpl
+++ b/wcfsetup/install/files/acp/templates/userAdd.tpl
@@ -602,4 +602,28 @@
        </div>
 </form>
 
+{if $action === 'edit' && $ownerGroupID}
+       <script data-relocate="true">
+               (function() {
+                       var input = elBySel('input[name="groupIDs[]"][value="{@$ownerGroupID}"]');
+                       if (input) {
+                               var icon = elCreate('span');
+                               icon.className = 'icon icon16 fa-shield jsTooltip';
+                               icon.title = '{lang}wcf.acp.group.type.owner{/lang}';
+                               input.parentNode.appendChild(icon);
+                               
+                               {if $user->userID == $__wcf->user->userID}
+                                       var shadow = elCreate('input');
+                                       shadow.name = input.name;
+                                       shadow.type = 'hidden';
+                                       shadow.value = input.value;
+                                       
+                                       input.parentNode.appendChild(shadow);
+                                       input.disabled = true;
+                               {/if}
+                       }
+               })();
+       </script>
+{/if}
+
 {include file='footer'}

diff --git a/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php b/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
index cdc34b9f2af2128fbdbfcd561494f21c49ea8ca2..5e3493d9dd716eae2523299a13415385f244c474 100755 (executable)
--- a/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/UserEditForm.class.php
@@ -274,7 +274,8 @@ class UserEditForm extends UserAddForm {
                        'disableCoverPhoto' => $this->disableCoverPhoto,
                        'disableCoverPhotoReason' => $this->disableCoverPhotoReason,
                        'disableCoverPhotoExpires' => $this->disableCoverPhotoExpires,
-                       'deleteCoverPhoto' => $this->deleteCoverPhoto
+                       'deleteCoverPhoto' => $this->deleteCoverPhoto,
+                       'ownerGroupID' => UserGroup::getOwnerGroupID(),
                ]);
        }
        
@@ -483,6 +484,14 @@ class UserEditForm extends UserAddForm {
         * @inheritDoc
         */
        public function validate() {
+               if ($this->user->userID == WCF::getUser()->userID && WCF::getUser()->hasOwnerAccess()) {
+                       $ownerGroupID = UserGroup::getOwnerGroupID();
+                       if ($ownerGroupID && !in_array($ownerGroupID, $this->groupIDs)) {
+                               // Members of the owner group cannot remove themselves.
+                               throw new PermissionDeniedException();
+                       }
+               }
+               
                $this->validateAvatar();
                
                parent::validate();

diff --git a/wcfsetup/install/files/lib/data/user/group/UserGroup.class.php b/wcfsetup/install/files/lib/data/user/group/UserGroup.class.php
index 6da1c1ba728dc9b8ae503cc14e9a06ae02cbe449..cf651a8c2a66f2a5b23af25bb574e77c881988cd 100644 (file)
--- a/wcfsetup/install/files/lib/data/user/group/UserGroup.class.php
+++ b/wcfsetup/install/files/lib/data/user/group/UserGroup.class.php
@@ -74,6 +74,11 @@ class UserGroup extends DatabaseObject implements ITitledObject {
         */
        protected static $accessibleGroups = null;
        
+       /**
+        * @var UserGroup|null
+        */
+       protected static $ownerGroup = false;
+       
        /**
         * group options of this group
         * @var mixed[][]
@@ -498,4 +503,18 @@ class UserGroup extends DatabaseObject implements ITitledObject {
                        'admin.user.canSearchUser',
                ];
        }
+       
+       /**
+        * Returns the owner group's id unless no group was promoted yet due to backwards compatibility.
+        * 
+        * @return int|null
+        * @since 5.2
+        */
+       public static function getOwnerGroupID() {
+               if (self::$ownerGroup === false) {
+                       self::$ownerGroup = self::getGroupByType(self::OWNER);
+               }
+               
+               return self::$ownerGroup ? self::$ownerGroup->groupID : null;
+       }
 }