From d3f5efe99b4f2e4906d692722740dae46ddeffef Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sun, 8 Feb 2015 20:18:22 +0100
Subject: [PATCH] Preventing users from removing full access from the last admin group

There is no really setting for admin groups, but groups with the ability to edit all groups (including their own) are regarded as admin group. This is a special case because they can set any permissions they want regardless which permissions they currently have. This change prevents users from stripping this privilege from the last remaining "admin group". In other words: Prevents users from doing things they will regret pretty quickly.
---
.../group/UserGroupOptionHandler.class.php | 19 +++++++++++++++++++
wcfsetup/install/lang/de.xml | 1 +
wcfsetup/install/lang/en.xml | 1 +
3 files changed, 21 insertions(+)
diff --git a/wcfsetup/install/files/lib/system/option/user/group/UserGroupOptionHandler.class.php b/wcfsetup/install/files/lib/system/option/user/group/UserGroupOptionHandler.class.php
index 4b2f34505c..e728106868 100644
--- a/wcfsetup/install/files/lib/system/option/user/group/UserGroupOptionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/option/user/group/UserGroupOptionHandler.class.php
@@ -130,5 +130,24 @@ class UserGroupOptionHandler extends OptionHandler {
 throw new UserInputException($option->optionName, 'exceedsOwnPermission');
 }
 }
+ else if ($option->optionName == 'admin.user.accessibleGroups' && $this->group->isAdminGroup()) {
+ $hasOtherAdminGroup = false;
+ foreach (UserGroup::getGroupsByType() as $userGroup) {
+ if ($userGroup->groupID != $this->group->groupID && $userGroup->isAdminGroup()) {
+ $hasOtherAdminGroup = true;
+ break;
+ }
+ }
+
+ // prevent users from dropping their own admin state
+ if (!$hasOtherAdminGroup) {
+ // get type object
+ $typeObj = $this->getTypeObject($option->optionType);
+
+ if ($typeObj->compare($this->optionValues[$option->optionName], WCF::getSession()->getPermission($option->optionName)) == -1) {
+ throw new UserInputException($option->optionName, 'cannotDropPrivileges');
+ }
+ }
+ }
 }
 }
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 767aafe51b..ef9fc33490 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -316,6 +316,7 @@ + maxvalue !== null} Der maximale Wert ist {#$option->maxvalue}.{/if}]]> minvalue !== null} Der minimale Wert ist {#$option->minvalue}.{/if}]]>
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index e2981b7a14..a15a776d1d 100644
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -315,6 +315,7 @@ Examples for medium ID detection: + maxvalue !== null} The maximum value is {#$option->maxvalue}.{/if}]]> minvalue !== null} The minimum value is {#$option->minvalue}.{/if}]]>
-- 2.20.1
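Review bot: The last-admin guard in the new `else if` branch measures the submitted value against the acting user's session permission (`WCF::getSession()->getPermission($option->optionName)`) rather than against whatever makes a group an admin group, so it only blocks the change when the editor personally holds full access. If an account with a narrower `admin.user.accessibleGroups` value is able to edit this group, `compare()` would presumably not return -1 and the last admin group could still lose full access; consider rejecting any submitted value under which the group would no longer satisfy the `isAdminGroup()` criterion. Separately, `$this->group->isAdminGroup()` is dereferenced without a null check; if the handler can run with no group set (for example while a new group is being created, which is not visible in this hunk), add `$this->group !== null &&` before that call. The enclosing method starts outside the hunk.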