front end fix for 31456: Editing a superuser clears their access flags

patch by jmrobin@tgix.com

front end fix for 31456: Editing a superuser clears their access flags
ee4d3250 · cyeh%bluemartini.com · 39166470 · ee4d3250 · ee4d3250
Commit ee4d3250 authored Sep 16, 2000 by cyeh%bluemartini.com
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 20 deletions

editusers.cgi editusers.cgi +26 -20

globals.pl globals.pl +4 -0

No files found.
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -746,27 +746,33 @@ if ($action eq 'update') {
        SendSQL("SELECT groupset FROM profiles WHERE login_name=" .
                SqlQuote($userold));
        $groupsetold = FetchOneColumn();
-        SendSQL("UPDATE profiles
-		 SET groupset = 
+        # Updated, 5/7/00, Joe Robins
+        # We don't want to change the groupset of a superuser.
+        if($groupsetold eq $::superusergroupset) {
+          print "Cannot change permissions of superuser.\n";
+        } else {
+           SendSQL("UPDATE profiles
+                    SET groupset =
                         groupset - (groupset & $opblessgroupset) + $groupset
-		 WHERE login_name=" . SqlQuote($userold));
-
-        # I'm paranoid that someone who I give the ability to bless people
-        # will start misusing it.  Let's log who blesses who (even though
-        # nothing actually uses this log right now).
-        my $fieldid = GetFieldID("groupset");
-        SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" .
-                SqlQuote($userold));
-        my $u;
-        ($u, $groupset) = (FetchSQLData());
-        if ($groupset ne $groupsetold) {
-            SendSQL("INSERT INTO profiles_activity " .
-                    "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " .
-                    "VALUES " .
-                    "($u, $::userid, now(), $fieldid, " .
-                    " $groupsetold, $groupset)");
-        }
-	print "Updated permissions.\n";
+                    WHERE login_name=" . SqlQuote($userold));
+
+           # I'm paranoid that someone who I give the ability to bless people
+           # will start misusing it.  Let's log who blesses who (even though
+           # nothing actually uses this log right now).
+           my $fieldid = GetFieldID("groupset");
+           SendSQL("SELECT userid, groupset FROM profiles WHERE login_name=" .
+                   SqlQuote($userold));
+           my $u;
+           ($u, $groupset) = (FetchSQLData());
+           if ($groupset ne $groupsetold) {
+               SendSQL("INSERT INTO profiles_activity " .
+                       "(userid,who,profiles_when,fieldid,oldvalue,newvalue) " .
+                       "VALUES " .
+                       "($u, $::userid, now(), $fieldid, " .
+                       " $groupsetold, $groupset)");
+           }
+	   print "Updated permissions.\n";
+       }
    }

    if ($editall && $blessgroupset ne $blessgroupsetold) {

--- a/globals.pl
+++ b/globals.pl
@@ -77,6 +77,10 @@ $::defaultqueryname = "(Default query)";
 $::unconfirmedstate = "UNCONFIRMED";
 $::dbwritesallowed = 1;

+# Adding a global variable for the value of the superuser groupset.
+# Joe Robins, 7/5/00
+$::superusergroupset = "9223372036854775807";
+
 sub ConnectToDatabase {
    my ($useshadow) = (@_);
    if (!defined $::db) {