There is no really setting for admin groups, but groups with the ability to edit all groups (including their own) are regarded as admin group. This is a special case because they can set any permissions they want regardless which permissions they currently have.
This change prevents users from stripping this privilege from the last remaining "admin group". In other words: Prevents users from doing things they will regret pretty quickly.
throw new UserInputException($option->optionName, 'exceedsOwnPermission');
}
}
+ else if ($option->optionName == 'admin.user.accessibleGroups' && $this->group->isAdminGroup()) {
+ $hasOtherAdminGroup = false;
+ foreach (UserGroup::getGroupsByType() as $userGroup) {
+ if ($userGroup->groupID != $this->group->groupID && $userGroup->isAdminGroup()) {
+ $hasOtherAdminGroup = true;
+ break;
+ }
+ }
+
+ // prevent users from dropping their own admin state
+ if (!$hasOtherAdminGroup) {
+ // get type object
+ $typeObj = $this->getTypeObject($option->optionType);
+
+ if ($typeObj->compare($this->optionValues[$option->optionName], WCF::getSession()->getPermission($option->optionName)) == -1) {
+ throw new UserInputException($option->optionName, 'cannotDropPrivileges');
+ }
+ }
+ }
}
}
<item name="wcf.acp.group.option.category.user"><![CDATA[Allgemeine Rechte]]></item>
<item name="wcf.acp.group.option.category.user.message"><![CDATA[Nachrichten]]></item>
<item name="wcf.acp.group.option.category.user.message.comment"><![CDATA[Kommentare]]></item>
+ <item name="wcf.acp.group.option.error.cannotDropPrivileges"><![CDATA[Es muss immer mindestens eine Benutzergruppe mit vollen Rechen geben, es ist daher nicht möglich diese Berechtigung einzuschränken.]]></item>
<item name="wcf.acp.group.option.error.exceedsOwnPermission"><![CDATA[Sie können Benutzergruppen keine Berechtigungen gewähren, die Ihre eigenen Berechtigungen übersteigen.]]></item>
<item name="wcf.acp.group.option.error.tooHigh"><![CDATA[Der angegebene Wert ist zu hoch.{if $option->maxvalue !== null} Der maximale Wert ist {#$option->maxvalue}.{/if}]]></item>
<item name="wcf.acp.group.option.error.tooLow"><![CDATA[Der angegebene Wert ist zu gering.{if $option->minvalue !== null} Der minimale Wert ist {#$option->minvalue}.{/if}]]></item>
<item name="wcf.acp.group.option.category.user"><![CDATA[General Permissions]]></item>
<item name="wcf.acp.group.option.category.user.message"><![CDATA[Messages]]></item>
<item name="wcf.acp.group.option.category.user.message.comment"><![CDATA[Comments]]></item>
+ <item name="wcf.acp.group.option.error.cannotDropPrivileges"><![CDATA[There must be at least one user group with full access, therefore it is not possible to drop these privileges.]]></item>
<item name="wcf.acp.group.option.error.exceedsOwnPermission"><![CDATA[You cannot grant user group permissions exceeding your own permissions.]]></item>
<item name="wcf.acp.group.option.error.tooHigh"><![CDATA[The given value is too high.{if $option->maxvalue !== null} The maximum value is {#$option->maxvalue}.{/if}]]></item>
<item name="wcf.acp.group.option.error.tooLow"><![CDATA[The given value is too low.{if $option->minvalue !== null} The minimum value is {#$option->minvalue}.{/if}]]></item>