Disabling 3rd party login for users with administrative access
authorAlexander Ebert <ebert@woltlab.com>
Wed, 12 Jun 2013 19:32:49 +0000 (21:32 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 12 Jun 2013 19:32:49 +0000 (21:32 +0200)
com.woltlab.wcf/templates/accountManagement.tpl
wcfsetup/install/files/lib/data/user/User.class.php
wcfsetup/install/files/lib/form/AccountManagementForm.class.php

index 36ab61d132579a4c5a1dce7c49648c9e9a54d7ff..1b33cedc3183652a5ac7b023b404996407e2e7fa 100644 (file)
                                                                <label><input type="checkbox" name="{@$__authProvider}Disconnect" value="1" /> {lang}wcf.user.3rdparty.{@$__authProvider}.disconnect{/lang}</label>
                                                        </dd>
                                                </dl>
-                                       {else}
+                                       {else if !$__wcf->getUser()->hasAdministrativeAccess()}
                                                {if GITHUB_PUBLIC_KEY !== '' && GITHUB_PRIVATE_KEY !== ''}
                                                        <dl>
                                                                <dt>{lang}wcf.user.3rdparty.github{/lang}</dt>
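Review bot: The new `{else if !$__wcf->getUser()->hasAdministrativeAccess()}` branch only hides the connect options, so it is presentation rather than enforcement; the actual control is the matching check in AccountManagementForm. A template comment before the branch, e.g. `{* connect options are hidden for users with ACP access; enforced server-side in AccountManagementForm *}`, would keep a later template edit from being mistaken for the control itself. Administrators with no linked provider now get an empty section with no explanation, so a short language item saying that external logins are unavailable for administrative accounts may be worth adding. The enclosing `{if}` starts and ends outside the hunk.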
index 15ce27767ab514deac982e8912ea50e1b5f2df50..4abdc1f79cd5a93dd55439f61692a8b6852041f8 100644 (file)
@@ -37,6 +37,12 @@ final class User extends DatabaseObject implements IRouteController {
         */
        protected $groupIDs = null;
        
+       /**
+        * true, if user has access to the ACP
+        * @var boolean
+        */
+       protected $hasAdministrativePermissions = null;
+       
        /**
         * list of language ids
         * @var array<integer>
@@ -400,4 +406,27 @@ final class User extends DatabaseObject implements IRouteController {
        public function canEdit() {
                return (WCF::getSession()->getPermission('admin.user.canEditUser') && UserGroup::isAccessibleGroup($this->getGroupIDs()));
        }
+       
+       /**
+        * Returns true, if this user has access to the ACP.
+        * 
+        * @return      boolean
+        */
+       public function hasAdministrativeAccess() {
+               if ($this->hasAdministrativePermissions === null) {
+                       $this->hasAdministrativePermissions = false;
+                       
+                       if ($this->userID) {
+                               foreach ($this->getGroupIDs() as $groupID) {
+                                       $group = UserGroup::getGroupByID($groupID);
+                                       if ($group->isAdminGroup()) {
+                                               $this->hasAdministrativePermissions = true;
+                                               break;
+                                       }
+                               }
+                       }
+               }
+               
+               return $this->hasAdministrativePermissions;
+       }
 }
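Review bot: In hasAdministrativeAccess() the result of `UserGroup::getGroupByID($groupID)` is dereferenced without a check, so a group ID that cannot be resolved would end in a fatal error on `$group->isAdminGroup()` if the lookup can return null. A guard such as `if ($group !== null && $group->isAdminGroup()) {` avoids that. Because this method now gates a security decision, it is worth deciding deliberately whether an unresolvable group should count as non-administrative, which is what the `false` default does today. The property docblock in the first hunk says `@var boolean` although the field starts as `null` to mark "not yet computed"; `@var boolean|null` plus a remark that the value is cached per object would be more accurate.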
index b1497895dd79161d7128b516ba2aabef406ba22b..4f8be9c1f2fa0eff96ee45b201c051c982391cda 100644 (file)
@@ -158,14 +158,17 @@ class AccountManagementForm extends AbstractSecureForm {
                if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
                if (isset($_POST['quit'])) $this->quit = intval($_POST['quit']);
                if (isset($_POST['cancelQuit'])) $this->cancelQuit = intval($_POST['cancelQuit']);
-               if (isset($_POST['githubConnect'])) $this->githubConnect = intval($_POST['githubConnect']);
                if (isset($_POST['githubDisconnect'])) $this->githubDisconnect = intval($_POST['githubDisconnect']);
-               if (isset($_POST['twitterConnect'])) $this->twitterConnect = intval($_POST['twitterConnect']);
                if (isset($_POST['twitterDisconnect'])) $this->twitterDisconnect = intval($_POST['twitterDisconnect']);
-               if (isset($_POST['facebookConnect'])) $this->facebookConnect = intval($_POST['facebookConnect']);
                if (isset($_POST['facebookDisconnect'])) $this->facebookDisconnect = intval($_POST['facebookDisconnect']);
-               if (isset($_POST['googleConnect'])) $this->googleConnect = intval($_POST['googleConnect']);
                if (isset($_POST['googleDisconnect'])) $this->googleDisconnect = intval($_POST['googleDisconnect']);
+               
+               if (!WCF::getUser()->hasAdministrativeAccess()) {
+                       if (isset($_POST['facebookConnect'])) $this->facebookConnect = intval($_POST['facebookConnect']);
+                       if (isset($_POST['githubConnect'])) $this->githubConnect = intval($_POST['githubConnect']);
+                       if (isset($_POST['googleConnect'])) $this->googleConnect = intval($_POST['googleConnect']);
+                       if (isset($_POST['twitterConnect'])) $this->twitterConnect = intval($_POST['twitterConnect']);
+               }
        }
        
        /**
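Review bot: The administrative-access check added here only stops the four `*Connect` POST flags from being read; it does nothing about provider links that already exist on an account. As far as this hunk shows, a user who connected a provider before being added to an admin group keeps that link, so the commit's stated goal depends on the 3rd party login path (not part of this diff) also consulting `hasAdministrativeAccess()` before authenticating. The code that later acts on these properties is outside the hunk, so I would confirm it cannot link a provider by any route other than these flags. A comment above the new block, e.g. `// users with ACP access must not link external identity providers: a compromised provider account would otherwise grant admin access`, would record the reason. The method starts before the hunk.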