View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020381 | mantisbt | administration | public | 2015-12-11 19:42 | 2016-06-12 00:43 |
Reporter | vboctor | Assigned To | vboctor | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0-rc.1 | ||||
Target Version | 1.3.0-rc.2 | Fixed in Version | 1.3.0-rc.2 | ||
Summary | 0020381: Administrator can disable their own account | ||||
Description | It shouldn't be possible for an administrator to disable their own account or a user who can manage users to disable the last administrator in the system. It seems that somehow we lost such check enabling administrators to lock themselves out. | ||||
Tags | mantishub | ||||
MantisBT: master a3f9d033 2015-12-11 16:37 Details Diff |
Disallow deleting or disabling last admin - When checking for remaining admins, exclude disabled ones. - Don't worry about changes to already disabled users. - Complain when disabling last administrator, not just reducing their access level. Fixes 0020381 Fixes 0020382 |
Affected Issues 0020381, 0020382 |
|
mod - core/user_api.php | Diff File | ||
mod - manage_user_delete.php | Diff File | ||
mod - manage_user_update.php | Diff File |