Description | Hello,
We have encountered a problem with the option "manager_user_threshold" :
We need to set this option to "Manager", because our managers need to create and update users.
But we've got one problem : they also can "Delete" them, which is not acceptable because we need to keep all our users in database (enabled or disabled).
To avoid this problem (our managers are not familiar with the difference between "Delete" and "Disable"), we have added an option : "manage_user_delete_threshold".
With this, we keep the configuration "manager_user_threshold" for all, but we add the new option in some files to restrict access to the delete user function. |
---|
Additional Information | config_default_inc.php :
@@ -2413,6 +2413,12 @@
$g_manage_user_threshold = ADMINISTRATOR;
/**
-
- Threshold needed to delete user accounts
-
- @global int $g_manage_user_delete_threshold
- */
- $g_manager_user_delete_threshold = ADMINISTRATOR;
-
- /**
- Delete bug threshold
- @global int $g_delete_bug_threshold
*/
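Review bot: The new option is spelled two ways across this patch, so the value an administrator configures may not be the one the delete check reads. The variable added here is `$g_manager_user_delete_threshold`, while its own docblock says `$g_manage_user_delete_threshold`; manage_user_delete.php reads `'manage_user_delete_threshold'` and manage_user_edit_page.php reads `'manager_user_delete_threshold'`. If `config_get()` treats its second argument as the default for an undefined option, the enforcement in manage_user_delete.php always uses `ADMINISTRATOR` (which fails closed), while the Delete button follows the configured value, so the two can disagree. I would use one name everywhere, following `manage_user_threshold`: `$g_manage_user_delete_threshold = ADMINISTRATOR;` here and `config_get( 'manage_user_delete_threshold', ADMINISTRATOR )` in the edit page.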
manage_user_delete.php :
@@ -29,6 +29,7 @@
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
-
access_ensure_global_level( config_get( 'manage_user_delete_threshold', ADMINISTRATOR ) );
$f_user_id = gpc_get_int( 'user_id' );
manage_user_edit_page.php :
@@ -183,7 +183,8 @@
$t_reset = $t_user['id'] != auth_get_current_user_id()
&& helper_call_custom_function( 'auth_can_change_password', array() );
$t_unlock = OFF != config_get( 'max_failed_login_count' ) && $t_user['failed_login_count'] > 0;
- $t_delete = !( ( user_is_administrator( $t_user_id ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) );
- $t_delete = !( ( user_is_administrator( $t_user_id ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) )
-
&& config_get( 'manager_user_delete_threshold', ADMINISTRATOR ) <= user_get_access_level( auth_get_current_user_id(), ALL_PROJECTS );
if( $t_reset || $t_unlock || $t_delete ) {
?>
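Review bot: The Delete button's visibility is computed with a different access call than the one that enforces the deletion, in the added `&& config_get( ... ) <= user_get_access_level( auth_get_current_user_id(), ALL_PROJECTS )` line. manage_user_delete.php gates on `access_ensure_global_level()`, so mirroring it here with `&& access_has_global_level( config_get( 'manage_user_delete_threshold', ADMINISTRATOR ) )`, using the same option key as the delete page, keeps the page and the server-side check on one predicate. The button is only a convenience for the operator; the check in manage_user_delete.php remains the actual control and should not be relaxed on the strength of the button being hidden. The old and new `$t_delete` assignments both appear in this listing with their diff markers lost, so I am assuming the two-line form is the new side.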
|
---|