View Issue Details

ID: 0020381
Project: mantisbt
Category: administration
View Status: public
Last Update: 2016-06-12 00:43
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.0-rc.1
Target Version: 1.3.0-rc.2
Fixed in Version: 1.3.0-rc.2
Summary: 0020381: Administrator can disable their own account

It shouldn't be possible for an administrator to disable their own account, or for a user who can manage users to disable the last administrator in the system. It seems that somehow we lost such a check, enabling administrators to lock themselves out.



Related Changesets

MantisBT: master a3f9d033

2015-12-11 21:37:03


Disallow deleting or disabling last admin

- When checking for remaining admins, exclude disabled ones.
- Don't worry about changes to already disabled users.
- Complain when disabling last administrator, not just reducing their
access level.

Fixes 0020381
Fixes 0020382
mod - core/user_api.php
mod - manage_user_delete.php
mod - manage_user_update.php
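
The rules stated in the issue description and the changeset message, written out as an added PHP sketch; this is not MantisBT's code. The function names, the user array layout and the `ADMIN_LEVEL` value are assumptions made for this example.

```php
<?php
declare(strict_types=1);

const ADMIN_LEVEL = 90; // assumed access-level threshold for this sketch

/** Count enabled administrators, optionally leaving one user id out of the count. */
function count_enabled_admins(array $users, ?int $excludeId = null): int {
    $n = 0;
    foreach ($users as $id => $u) {
        // Disabled administrators cannot log in, so they do not count as remaining admins.
        if ($id !== $excludeId && $u['enabled'] && $u['access_level'] >= ADMIN_LEVEL) {
            $n++;
        }
    }
    return $n;
}

/**
 * Return null when the change is allowed, otherwise the reason for refusing it.
 * $change is ['delete' => true] or a subset of ['enabled' => bool, 'access_level' => int].
 */
function refuse_reason(array $users, int $actorId, int $targetId, array $change): ?string {
    $target = $users[$targetId];
    if (!$target['enabled'] || $target['access_level'] < ADMIN_LEVEL) {
        return null; // already disabled or not an admin: the change cannot reduce the admin count
    }
    $deleting  = !empty($change['delete']);
    $disabling = array_key_exists('enabled', $change) && !$change['enabled'];
    $demoting  = array_key_exists('access_level', $change) && $change['access_level'] < ADMIN_LEVEL;
    if ($disabling && $actorId === $targetId) {
        return 'administrators cannot disable their own account';
    }
    // Deleting, disabling and demoting all remove an enabled admin, so all three are checked.
    if (($deleting || $disabling || $demoting) && count_enabled_admins($users, $targetId) === 0) {
        return 'change would leave no enabled administrator';
    }
    return null;
}

// Constructed sample data: one enabled admin, one disabled admin, one manager.
$users = [
    1 => ['access_level' => 90, 'enabled' => true],
    2 => ['access_level' => 90, 'enabled' => false],
    3 => ['access_level' => 70, 'enabled' => true],
];
var_dump(refuse_reason($users, 3, 1, ['enabled' => false]));   // manager disables the only enabled admin
var_dump(refuse_reason($users, 3, 1, ['access_level' => 70])); // manager demotes the only enabled admin
var_dump(refuse_reason($users, 3, 2, ['delete' => true]));     // manager deletes an already disabled admin
var_dump(refuse_reason($users, 1, 1, ['enabled' => false]));   // admin disables their own account
```

Such a check belongs on the server side of every path that can delete, disable or demote a user, since a check on a single form is easy to lose in a refactor.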

Issue History

Date Modified Username Field Change
2015-12-11 19:42 vboctor New Issue
2015-12-11 19:42 vboctor Tag Attached: mantishub
2015-12-11 21:17 vboctor Assigned To => vboctor
2015-12-11 21:17 vboctor Status new => assigned
2015-12-11 21:41 vboctor Note Added: 0052109
2015-12-14 20:06 vboctor Changeset attached => MantisBT master a3f9d033
2015-12-14 20:06 vboctor Status assigned => resolved
2015-12-14 20:06 vboctor Resolution open => fixed
2015-12-14 20:06 vboctor Fixed in Version => 1.3.0-rc.2
2016-06-12 00:43 vboctor Status resolved => closed