View Issue Details

ID: 0020381
Project: mantisbt
Category: administration
View Status: public
Last Update: 2016-06-12 00:43
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.0-rc.1
Target Version: 1.3.0-rc.2
Fixed in Version: 1.3.0-rc.2
Summary: 0020381: Administrator can disable their own account
Description

It shouldn't be possible for an administrator to disable their own account, or for a user who can manage users to disable the last administrator in the system. It seems that somehow we lost such a check, enabling administrators to lock themselves out.

Tags: mantishub

Activities

Related Changesets

MantisBT: master a3f9d033

2015-12-11 21:37:03

vboctor

Disallow deleting or disabling last admin

- When checking for remaining admins, exclude disabled ones.
- Don't worry about changes to already disabled users.
- Complain when disabling last administrator, not just reducing their
access level.

Fixes 0020381
Fixes 0020382
mod - core/user_api.php
mod - manage_user_delete.php
mod - manage_user_update.php
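
The three rules in the changeset message, written out as an added example that is not MantisBT's code and not taken from the changeset: a guard that refuses a delete or update when it would leave no enabled administrator. The function names, the array layout, the access level values and the sample users are all assumptions made for illustration.

```php
<?php
// Added illustration, not MantisBT code; every name and value here is hypothetical.
const ADMIN_LEVEL = 90; // assumed numeric access level for an administrator

/** Count accounts that are enabled and at administrator level. */
function count_enabled_admins(array $users): int {
    return count(array_filter($users, fn(array $u): bool =>
        $u['enabled'] && $u['access_level'] >= ADMIN_LEVEL));
}

/**
 * True when deleting or updating user $id would leave no enabled administrator.
 * $change is null for a delete, or the proposed ['enabled', 'access_level'] for an update.
 */
function would_remove_last_admin(array $users, int $id, ?array $change): bool {
    $target = $users[$id];
    // Already disabled (or not an admin): the account is not one of the remaining admins.
    if (!$target['enabled'] || $target['access_level'] < ADMIN_LEVEL) {
        return false;
    }
    // Disabling is treated like demoting; a delete removes the admin outright.
    $stays_admin = $change !== null
        && $change['enabled']
        && $change['access_level'] >= ADMIN_LEVEL;
    if ($stays_admin) {
        return false;
    }
    // Only enabled admins count, so a disabled admin elsewhere does not save us.
    return count_enabled_admins($users) <= 1;
}

// Constructed sample data: one enabled admin, one disabled admin, one regular user.
$users = [
    1 => ['enabled' => true,  'access_level' => 90],
    2 => ['enabled' => false, 'access_level' => 90],
    3 => ['enabled' => true,  'access_level' => 55],
];
$cases = [
    'admin 1 disables own account' => [1, ['enabled' => false, 'access_level' => 90]],
    'admin 1 demoted'              => [1, ['enabled' => true,  'access_level' => 55]],
    'admin 1 deleted'              => [1, null],
    'disabled admin 2 deleted'     => [2, null],
    'regular user 3 disabled'      => [3, ['enabled' => false, 'access_level' => 55]],
];
foreach ($cases as $label => [$id, $change]) {
    $verdict = would_remove_last_admin($users, $id, $change) ? 'REFUSE' : 'allow';
    printf("%-30s %s\n", $label, $verdict);
}
```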

Issue History

Date Modified Username Field Change
2015-12-11 19:42 vboctor New Issue
2015-12-11 19:42 vboctor Tag Attached: mantishub
2015-12-11 21:17 vboctor Assigned To => vboctor
2015-12-11 21:17 vboctor Status new => assigned
2015-12-11 21:41 vboctor Note Added: 0052109
2015-12-14 20:06 vboctor Changeset attached => MantisBT master a3f9d033
2015-12-14 20:06 vboctor Status assigned => resolved
2015-12-14 20:06 vboctor Resolution open => fixed
2015-12-14 20:06 vboctor Fixed in Version => 1.3.0-rc.2
2016-06-12 00:43 vboctor Status resolved => closed