merged fix for MDL-10149, preventing the deletion of the last admin role

2025-01-19 06:18:28 +01:00 · 2007-07-19 05:19:05 +00:00 · 2007-07-19 05:19:05 +00:00 · 60ace1e114
commit 60ace1e114
parent d670dbee90
1 changed files with 27 additions and 0 deletions
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@ -1961,6 +1961,33 @@ function create_role($name, $shortname, $description, $legacy='') {
 function delete_role($roleid) {
    $success = true;

+// mdl 10149, check if this is the last active admin role
+// if we make the admin role not deletable then this part can go
+    
+    $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+    
+    if ($role = get_record('role', 'id', $roleid)) {
+        if (record_exists('role_capabilities', 'contextid', $systemcontext->id, 'roleid', $roleid, 'capability', 'moodle/site:doanything')) {
+            // deleting an admin role
+            $status = false;
+            if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) {
+                foreach ($adminroles as $adminrole) {
+                    if ($adminrole->id != $roleid) {
+                        // some other admin role
+                        if (record_exists('role_assignments', 'roleid', $adminrole->id, 'contextid', $systemcontext->id)) {
+                            // found another admin role with at least 1 user assigned  
+                            $status = true;
+                            break;
+                        }
+                    }
+                }        
+            } 
+            if ($status !== true) {
+                error ('You can not delete this role because there is no other admin roles with users assigned');  
+            }
+        }  
+    }
+
 // first unssign all users
    if (!role_unassign($roleid)) {
        debugging("Error while unassigning all users from role with ID $roleid!");