admin: allow deletion of any users but yourself

fix #1625
This commit is contained in:
Fabrixxm 2015-06-23 10:39:28 +02:00
parent 24c91a4fed
commit 3168b44317
3 changed files with 28 additions and 30 deletions

View File

@ -792,7 +792,7 @@ function admin_page_users_post(&$a){
$nu_nickname = ( x($_POST, 'new_user_nickname') ? $_POST['new_user_nickname'] : ''); $nu_nickname = ( x($_POST, 'new_user_nickname') ? $_POST['new_user_nickname'] : '');
$nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : ''); $nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : '');
check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); check_form_security_token_redirectOnErr($a->get_baseurl().'/admin/users', 'admin_users');
if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) { if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) {
require_once('include/user.php'); require_once('include/user.php');
@ -946,11 +946,8 @@ function admin_page_users(&$a){
intval($a->pager['itemspage']) intval($a->pager['itemspage'])
); );
function _setup_users($e){
$a = get_app();
$adminlist = explode(",", str_replace(" ", "", $a->config['admin_email'])); $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
$_setup_users = function ($e) use ($adminlist){
$accounts = Array( $accounts = Array(
t('Normal Account'), t('Normal Account'),
t('Soapbox Account'), t('Soapbox Account'),
@ -963,10 +960,11 @@ function admin_page_users(&$a){
$e['lastitem_date'] = relative_date($e['lastitem_date']); $e['lastitem_date'] = relative_date($e['lastitem_date']);
//$e['is_admin'] = ($e['email'] === $a->config['admin_email']); //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
$e['is_admin'] = in_array($e['email'], $adminlist); $e['is_admin'] = in_array($e['email'], $adminlist);
$e['is_deletable'] = (intval($e['uid']) != local_user());
$e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False); $e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
return $e; return $e;
} };
$users = array_map("_setup_users", $users); $users = array_map($_setup_users, $users);
// Get rid of dashes in key names, Smarty3 can't handle them // Get rid of dashes in key names, Smarty3 can't handle them

View File

@ -70,17 +70,17 @@
<td class='lastitem_date'>{{$u.lastitem_date}}</td> <td class='lastitem_date'>{{$u.lastitem_date}}</td>
<td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td> <td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td>
<td class="checkbox"> <td class="checkbox">
{{if $u.is_admin}} {{if $u.is_deletable}}
&nbsp;
{{else}}
<input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td> <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
{{else}}
&nbsp;
{{/if}} {{/if}}
<td class="tools"> <td class="tools">
{{if $u.is_admin}} {{if $u.is_deletable}}
&nbsp;
{{else}}
<a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a> <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon block {{if $u.blocked==0}}dim{{/if}}'></span></a>
<a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a> <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon drop'></span></a>
{{else}}
&nbsp;
{{/if}} {{/if}}
</td> </td>
</tr> </tr>

View File

@ -70,17 +70,17 @@
<td class='lastitem_date'>{{$u.lastitem_date}}</td> <td class='lastitem_date'>{{$u.lastitem_date}}</td>
<td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td> <td class='login_date'>{{$u.page_flags}} {{if $u.is_admin}}({{$siteadmin}}){{/if}} {{if $u.account_expired}}({{$accountexpired}}){{/if}}</td>
<td class="checkbox"> <td class="checkbox">
{{if $u.is_admin}} {{if $u.is_deletable}}
&nbsp;
{{else}}
<input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td> <input type="checkbox" class="users_ckbx" id="id_user_{{$u.uid}}" name="user[]" value="{{$u.uid}}"/></td>
{{else}}
&nbsp;
{{/if}} {{/if}}
<td class="tools"> <td class="tools">
{{if $u.is_admin}} {{if $u.is_deletable}}
&nbsp;
{{else}}
<a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon {{if $u.blocked==0}}unlock{{else}}lock{{/if}}'></span></a> <a href="{{$baseurl}}/admin/users/block/{{$u.uid}}?t={{$form_security_token}}" title='{{if $u.blocked}}{{$unblock}}{{else}}{{$block}}{{/if}}'><span class='icon {{if $u.blocked==0}}unlock{{else}}lock{{/if}}'></span></a>
<a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon delete'></span></a> <a href="{{$baseurl}}/admin/users/delete/{{$u.uid}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><span class='icon delete'></span></a>
{{else}}
&nbsp;
{{/if}} {{/if}}
</td> </td>
</tr> </tr>