diff options
| author | Christian Fowler <spider@viovio.com> | 2008-11-03 18:24:08 +0000 |
|---|---|---|
| committer | Christian Fowler <spider@viovio.com> | 2008-11-03 18:24:08 +0000 |
| commit | ec53449791fcb9a85e77427c853f1af660410a67 (patch) | |
| tree | e6e6368505b455e256193488ad6776ea7be6949a | |
| parent | bb2e68613f193e2451b4d1a6b45bc4e268dfcf8c (diff) | |
| download | users-ec53449791fcb9a85e77427c853f1af660410a67.tar.gz users-ec53449791fcb9a85e77427c853f1af660410a67.tar.bz2 users-ec53449791fcb9a85e77427c853f1af660410a67.zip | |
check for gBitUser->hasPermission p_users_admin, not admin, as p_users_admin is all you need for assuming another user.
| -rw-r--r-- | BitPermUser.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/BitPermUser.php b/BitPermUser.php index 1e4562f..f5671a5 100644 --- a/BitPermUser.php +++ b/BitPermUser.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/BitPermUser.php,v 1.72 2008/11/03 17:08:47 spiderr Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/BitPermUser.php,v 1.73 2008/11/03 18:24:08 spiderr Exp $ * * Lib for user administration, groups and permissions * This lib uses pear so the constructor requieres @@ -11,7 +11,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: BitPermUser.php,v 1.72 2008/11/03 17:08:47 spiderr Exp $ + * $Id: BitPermUser.php,v 1.73 2008/11/03 18:24:08 spiderr Exp $ * @package users */ @@ -24,7 +24,7 @@ require_once( USERS_PKG_PATH.'/BitUser.php' ); * Class that holds all information for a given user * * @author spider <spider@steelsun.com> - * @version $Revision: 1.72 $ + * @version $Revision: 1.73 $ * @package users * @subpackage BitPermUser */ @@ -62,12 +62,13 @@ class BitPermUser extends BitUser { function assumeUser( $pUserId ) { global $gBitUser, $user_cookie_site; $ret = FALSE; - // make double sure the current logged in user has permission - if( !empty( $this->mPerms['p_users_admin'] ) ) { + // make double sure the current logged in user has permission, check for p_users_admin, not admin, as that is all you need for assuming another user. + // this enables creating of a non technical site adminstrators group, eg customer support representatives. + if( $gBitUser->hasPermission( 'p_users_admin' ) ) { $assumeUser = new BitPermUser( $pUserId ); $assumeUser->loadPermissions(); - if( !empty( $assumeUser->mPerms['p_users_admin'] ) ) { + if( $assumeUser->isAdmin() ) ) { $this->mErrors['assume_user'] = tra( "User administrators cannot be assumed." ); } else { $this->mDb->query( "UPDATE `".BIT_DB_PREFIX."users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?", array( $pUserId, $gBitUser->mUserId, $_COOKIE[$user_cookie_site] ) ); |
