View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0020381 | mantisbt | administration | public | 2015-12-11 19:42 | 2016-06-12 00:43 |
| Reporter | vboctor | Assigned To | vboctor | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.3.0-rc.1 | ||||
| Target Version | 1.3.0-rc.2 | Fixed in Version | 1.3.0-rc.2 | ||
| Summary | 0020381: Administrator can disable their own account | ||||
| Description | It shouldn't be possible for an administrator to disable their own account or a user who can manage users to disable the last administrator in the system. It seems that somehow we lost such check enabling administrators to lock themselves out. | ||||
| Tags | mantishub | ||||
|
MantisBT: master a3f9d033 2015-12-11 16:37 Details Diff |
Disallow deleting or disabling last admin - When checking for remaining admins, exclude disabled ones. - Don't worry about changes to already disabled users. - Complain when disabling last administrator, not just reducing their access level. Fixes 0020381 Fixes 0020382 |
Affected Issues 0020381, 0020382 |
|
| mod - core/user_api.php | Diff File | ||
| mod - manage_user_delete.php | Diff File | ||
| mod - manage_user_update.php | Diff File | ||
