From 60ace1e1149d4b484d788063d66becea4ec048c1 Mon Sep 17 00:00:00 2001 From: toyomoyo Date: Thu, 19 Jul 2007 05:19:05 +0000 Subject: [PATCH] merged fix for MDL-10149, preventing the deletion of the last admin role --- lib/accesslib.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/lib/accesslib.php b/lib/accesslib.php index c59f403d7a1..15e1aef33d1 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -1961,6 +1961,33 @@ function create_role($name, $shortname, $description, $legacy='') { function delete_role($roleid) { $success = true; +// mdl 10149, check if this is the last active admin role +// if we make the admin role not deletable then this part can go + + $systemcontext = get_context_instance(CONTEXT_SYSTEM); + + if ($role = get_record('role', 'id', $roleid)) { + if (record_exists('role_capabilities', 'contextid', $systemcontext->id, 'roleid', $roleid, 'capability', 'moodle/site:doanything')) { + // deleting an admin role + $status = false; + if ($adminroles = get_roles_with_capability('moodle/site:doanything', CAP_ALLOW, $systemcontext)) { + foreach ($adminroles as $adminrole) { + if ($adminrole->id != $roleid) { + // some other admin role + if (record_exists('role_assignments', 'roleid', $adminrole->id, 'contextid', $systemcontext->id)) { + // found another admin role with at least 1 user assigned + $status = true; + break; + } + } + } + } + if ($status !== true) { + error ('You can not delete this role because there is no other admin roles with users assigned'); + } + } + } + // first unssign all users if (!role_unassign($roleid)) { debugging("Error while unassigning all users from role with ID $roleid!");