View Issue Details

IDProjectCategoryView StatusLast Update
0020382mantisbtauthorizationpublic2016-06-12 00:43
ReportervboctorAssigned Tovboctor 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.2.19 
Target Version1.3.0-rc.2Fixed in Version1.3.0-rc.2 
Summary0020382: user_is_administrator() should not return true for disabled admins
Description

At the moment, user_is_administrator() returns true for administrators whether or not they are enabled users. We should only consider them admins if they are enabled and have the correct access level.

@atrol raised this in https://github.com/mantisbt/mantisbt/pull/689

TagsNo tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master a3f9d033

2015-12-11 21:37:03

vboctor

Details Diff
Disallow deleting or disabling last admin

- When checking for remaining admins, exclude disabled ones.
- Don't worry about changes to already disabled users.
- Complain when disabling last administrator, not just reducing their
access level.

Fixes 0020381
Fixes 0020382
mod - core/user_api.php Diff File
mod - manage_user_delete.php Diff File
mod - manage_user_update.php Diff File

Issue History

Date Modified Username Field Change
2015-12-12 16:45 vboctor New Issue
2015-12-12 16:45 vboctor Status new => assigned
2015-12-12 16:45 vboctor Assigned To => vboctor
2015-12-14 20:06 vboctor Changeset attached => MantisBT master a3f9d033
2015-12-14 20:06 vboctor Status assigned => resolved
2015-12-14 20:06 vboctor Resolution open => fixed
2015-12-14 20:06 vboctor Fixed in Version => 1.3.0-rc.2
2016-06-12 00:43 vboctor Status resolved => closed