|
MantisBT: master-1.2.x 17ae3fc0
2009-08-07 01:17
dhx
Details
Diff |
Fix 0010687: don't allow deletion of the last admin account
The last administrator account should be protected from deletion or
demotion. It is still possible to delete the last administrator account
from the database via way of a raw SQL query if an installation
absolutely must not contain any admin accounts. |
Affected Issues
0010687 |
|
mod - manage_user_delete.php |
Diff
File |
|
mod - account_delete.php |
Diff
File |
|
mod - lang/strings_english.txt |
Diff
File |
|
MantisBT: master fe113064
2009-08-07 01:17
dhx
Details
Diff |
Fix 0010687: don't allow deletion of the last admin account
The last administrator account should be protected from deletion or
demotion. It is still possible to delete the last administrator account
from the database via way of a raw SQL query if an installation
absolutely must not contain any admin accounts. |
Affected Issues
0010687 |
|
mod - manage_user_delete.php |
Diff
File |
|
mod - lang/strings_english.txt |
Diff
File |
|
mod - account_delete.php |
Diff
File |
|
MantisBT: master-1.2.x 1d837ae7
2009-08-07 02:24
dhx
Details
Diff |
Fix 0010687: call auth_logout before user_delete
auth_logout() does stuff that requires a valid user ID. When a user
attempts to delete their own account, we should first ensure that
they're logged out as per normal. Then we can delete their account as a
last step before redirecting them elsehwere.
The html headers/footers and redirect message have also been adjusted
for ease of use, and to ensure that the user doesn't miss the notice
about their account being deleted successfully. |
Affected Issues
0010687 |
|
mod - account_delete.php |
Diff
File |
|
MantisBT: master dce1691b
2009-08-07 02:24
dhx
Details
Diff |
Fix 0010687: call auth_logout before user_delete
auth_logout() does stuff that requires a valid user ID. When a user
attempts to delete their own account, we should first ensure that
they're logged out as per normal. Then we can delete their account as a
last step before redirecting them elsehwere.
The html headers/footers and redirect message have also been adjusted
for ease of use, and to ensure that the user doesn't miss the notice
about their account being deleted successfully. |
Affected Issues
0010687 |
|
mod - account_delete.php |
Diff
File |
|
MantisBT: master-1.2.x fd39c78b
2009-08-07 03:08
dhx
Details
Diff |
Fix 0010687: Force use of account_delete when deleting own account
The case of deleting ones own account is quite different to deleting the
account of another user. Therefore if an administrator wants to delete
their own account, account_delete.php should be used instead. It
correctly handles logging out and redirection of the administrator who
has just deleted their own account.
This fix will force account_delete.php to be used in a way that is
transparent to an administrator who is deleting their account.
For the purpose of this commit message, "administrator" is any user who
has an access level equal to or beyond manage_user_threshold. |
Affected Issues
0010687 |
|
mod - account_delete.php |
Diff
File |
|
mod - manage_user_delete.php |
Diff
File |
|
MantisBT: master f27b0e9c
2009-08-07 03:08
dhx
Details
Diff |
Fix 0010687: Force use of account_delete when deleting own account
The case of deleting ones own account is quite different to deleting the
account of another user. Therefore if an administrator wants to delete
their own account, account_delete.php should be used instead. It
correctly handles logging out and redirection of the administrator who
has just deleted their own account.
This fix will force account_delete.php to be used in a way that is
transparent to an administrator who is deleting their account.
For the purpose of this commit message, "administrator" is any user who
has an access level equal to or beyond manage_user_threshold. |
Affected Issues
0010687 |
|
mod - account_delete.php |
Diff
File |
|
mod - manage_user_delete.php |
Diff
File |
