mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-10 00:37:02 +02:00
Code Issues Releases Wiki Activity

Add support for users with user-admin-all permission to be able to assign roles with user-admin permission per processwire/processwire-issues#607

Browse Source
This commit is contained in:
Ryan Cramer
2018-06-15 11:17:25 -04:00
parent c82dba8835
commit afb4c4dbfd
3 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wire/config.php
View File

@@ -1334,7 +1334,15 @@ $config->versionName = '';
*/ */
$config->inputfieldColumnWidthSpacing = null; $config->inputfieldColumnWidthSpacing = null;
/**
* Populated to contain <link rel='next|prev'.../> tags for document head
*
* This is populated only after a MarkupPagerNav::render() has rendered pagination and is
* otherwise null.
*
* $config->pagerHeadTags = '';
*
*/
/*** 11. SYSTEM ********************************************************************************* /*** 11. SYSTEM *********************************************************************************
* *

1
wire/core/Config.php
View File

@@ -143,6 +143,7 @@
* @property string $versionName This is automatically populated with the current PW version name (i.e. 2.5.0 dev) #pw-group-runtime * @property string $versionName This is automatically populated with the current PW version name (i.e. 2.5.0 dev) #pw-group-runtime
* @property int $inputfieldColumnWidthSpacing Used by some admin themes to commmunicate to InputfieldWrapper at runtime. #pw-internal * @property int $inputfieldColumnWidthSpacing Used by some admin themes to commmunicate to InputfieldWrapper at runtime. #pw-internal
* @property bool $debugMarkupQA Set to true to make the MarkupQA class report verbose debugging messages (to superusers). #pw-internal * @property bool $debugMarkupQA Set to true to make the MarkupQA class report verbose debugging messages (to superusers). #pw-internal
* @property string|null $pagerHeadTags Populated at runtime to contain `<link rel=prev|next />` tags for document head, after pagination has been rendered by MarkupPagerNav module. #pw-group-runtime
* *
* @property int $rootPageID Page ID of homepage (usually 1) #pw-group-system-IDs * @property int $rootPageID Page ID of homepage (usually 1) #pw-group-system-IDs
* @property int $adminRootPageID Page ID of admin root page #pw-group-system-IDs * @property int $adminRootPageID Page ID of admin root page #pw-group-system-IDs

13
wire/modules/Process/ProcessUser/ProcessUser.module
View File

@@ -203,17 +203,24 @@ class ProcessUser extends ProcessPageType {
$user = $this->wire('user'); $user = $this->wire('user');
$superuser = $user->isSuperuser(); $superuser = $user->isSuperuser();
$editableRoles = array(); $editableRoles = array();
$userAdminAll = $this->wire('permissions')->get('user-admin-all');
foreach($this->wire('roles') as $role) { foreach($this->wire('roles') as $role) {
if($role->name == 'guest') continue; if($role->name == 'guest') continue;
// if non-superuser editing a user, don't allow them to assign new roles with user-admin permission, // if non-superuser editing a user, don't allow them to assign new roles with user-admin permission,
// unless the user already has the role checked // unless the user already has the role checked, OR the non-superuser has user-admin-all permission
if(!$superuser && $role->hasPermission('user-admin') && !$page->hasPermission('user-admin')) continue; if(!$superuser && $role->hasPermission('user-admin') && !$page->hasPermission('user-admin')) {
if($userAdminAll->id && $user->hasPermission($userAdminAll)) {
// allow it if the non-superuser making edits has user-admin-all
} else {
// do not allow
continue;
}
}
$editableRoles[$role->id] = $role->name; $editableRoles[$role->id] = $role->name;
} }
if(!$superuser) { if(!$superuser) {
$userAdminAll = $this->wire('permissions')->get('user-admin-all');
if($userAdminAll->id && !$user->hasPermission($userAdminAll)) { if($userAdminAll->id && !$user->hasPermission($userAdminAll)) {
foreach($editableRoles as $roleID => $roleName) { foreach($editableRoles as $roleID => $roleName) {
if(!$user->hasPermission("user-admin-$roleName")) { if(!$user->hasPermission("user-admin-$roleName")) {