mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-08 15:57:01 +02:00
Code Issues Releases Wiki Activity

Add support for users with user-admin-all permission to be able to assign roles with user-admin permission per processwire/processwire-issues#607

Browse Source
This commit is contained in:
Ryan Cramer
2018-06-15 11:17:25 -04:00
parent c82dba8835
commit afb4c4dbfd
3 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wire/config.php
View File

@@ -1332,9 +1332,17 @@ $config->versionName = '';
* Value is null, 0, or 1 or higher. This should be kept at null in this file.
*
*/
$config->inputfieldColumnWidthSpacing = null;
$config->inputfieldColumnWidthSpacing = null;
/**
* Populated to contain <link rel='next|prev'.../> tags for document head
*
* This is populated only after a MarkupPagerNav::render() has rendered pagination and is
* otherwise null.
*
* $config->pagerHeadTags = '';
*
*/
/*** 11. SYSTEM *********************************************************************************
*

1
wire/core/Config.php
View File

@@ -143,6 +143,7 @@
* @property string $versionName This is automatically populated with the current PW version name (i.e. 2.5.0 dev) #pw-group-runtime
* @property int $inputfieldColumnWidthSpacing Used by some admin themes to commmunicate to InputfieldWrapper at runtime. #pw-internal
* @property bool $debugMarkupQA Set to true to make the MarkupQA class report verbose debugging messages (to superusers). #pw-internal
* @property string|null $pagerHeadTags Populated at runtime to contain `<link rel=prev|next />` tags for document head, after pagination has been rendered by MarkupPagerNav module. #pw-group-runtime
*
* @property int $rootPageID Page ID of homepage (usually 1) #pw-group-system-IDs
* @property int $adminRootPageID Page ID of admin root page #pw-group-system-IDs

13
wire/modules/Process/ProcessUser/ProcessUser.module
View File

@@ -203,17 +203,24 @@ class ProcessUser extends ProcessPageType {
$user = $this->wire('user');
$superuser = $user->isSuperuser();
$editableRoles = array();
$userAdminAll = $this->wire('permissions')->get('user-admin-all');
foreach($this->wire('roles') as $role) {
if($role->name == 'guest') continue;
// if non-superuser editing a user, don't allow them to assign new roles with user-admin permission,
// unless the user already has the role checked
if(!$superuser && $role->hasPermission('user-admin') && !$page->hasPermission('user-admin')) continue;
// unless the user already has the role checked, OR the non-superuser has user-admin-all permission
if(!$superuser && $role->hasPermission('user-admin') && !$page->hasPermission('user-admin')) {
if($userAdminAll->id && $user->hasPermission($userAdminAll)) {
// allow it if the non-superuser making edits has user-admin-all
} else {
// do not allow
continue;
}
}
$editableRoles[$role->id] = $role->name;
}
if(!$superuser) {
$userAdminAll = $this->wire('permissions')->get('user-admin-all');
if($userAdminAll->id && !$user->hasPermission($userAdminAll)) {
foreach($editableRoles as $roleID => $roleName) {
if(!$user->hasPermission("user-admin-$roleName")) {