summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Fowler <spider@viovio.com>2008-11-03 18:24:08 +0000
committerChristian Fowler <spider@viovio.com>2008-11-03 18:24:08 +0000
commitec53449791fcb9a85e77427c853f1af660410a67 (patch)
treee6e6368505b455e256193488ad6776ea7be6949a
parentbb2e68613f193e2451b4d1a6b45bc4e268dfcf8c (diff)
downloadusers-ec53449791fcb9a85e77427c853f1af660410a67.tar.gz
users-ec53449791fcb9a85e77427c853f1af660410a67.tar.bz2
users-ec53449791fcb9a85e77427c853f1af660410a67.zip
check for gBitUser->hasPermission p_users_admin, not admin, as p_users_admin is all you need for assuming another user.
-rw-r--r--BitPermUser.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/BitPermUser.php b/BitPermUser.php
index 1e4562f..f5671a5 100644
--- a/BitPermUser.php
+++ b/BitPermUser.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/BitPermUser.php,v 1.72 2008/11/03 17:08:47 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/BitPermUser.php,v 1.73 2008/11/03 18:24:08 spiderr Exp $
*
* Lib for user administration, groups and permissions
* This lib uses pear so the constructor requieres
@@ -11,7 +11,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: BitPermUser.php,v 1.72 2008/11/03 17:08:47 spiderr Exp $
+ * $Id: BitPermUser.php,v 1.73 2008/11/03 18:24:08 spiderr Exp $
* @package users
*/
@@ -24,7 +24,7 @@ require_once( USERS_PKG_PATH.'/BitUser.php' );
* Class that holds all information for a given user
*
* @author spider <spider@steelsun.com>
- * @version $Revision: 1.72 $
+ * @version $Revision: 1.73 $
* @package users
* @subpackage BitPermUser
*/
@@ -62,12 +62,13 @@ class BitPermUser extends BitUser {
function assumeUser( $pUserId ) {
global $gBitUser, $user_cookie_site;
$ret = FALSE;
- // make double sure the current logged in user has permission
- if( !empty( $this->mPerms['p_users_admin'] ) ) {
+ // make double sure the current logged in user has permission, check for p_users_admin, not admin, as that is all you need for assuming another user.
+ // this enables creating of a non technical site adminstrators group, eg customer support representatives.
+ if( $gBitUser->hasPermission( 'p_users_admin' ) ) {
$assumeUser = new BitPermUser( $pUserId );
$assumeUser->loadPermissions();
- if( !empty( $assumeUser->mPerms['p_users_admin'] ) ) {
+ if( $assumeUser->isAdmin() ) ) {
$this->mErrors['assume_user'] = tra( "User administrators cannot be assumed." );
} else {
$this->mDb->query( "UPDATE `".BIT_DB_PREFIX."users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?", array( $pUserId, $gBitUser->mUserId, $_COOKIE[$user_cookie_site] ) );