Posted to commits@roller.apache.org by sn...@apache.org on 2007/07/26 21:32:00 UTC

svn commit: r559948 - in /roller/trunk/apps/weblogger: src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java web/WEB-INF/classes/ApplicationResources.properties

Author: snoopdave
Date: Thu Jul 26 12:32:00 2007
New Revision: 559948

URL: http://svn.apache.org/viewvc?view=rev&rev=559948
Log:
Fixing ROL-1495 "Admin user should not be allowed to disable administrator privilege if there is no other admin users in the system"

No longer allow you to change your own role. We don't show the Admin checkbox if you are editing yourself, plus there's a check in ModifyUser action to prevent you from changing your own role.

Modified:
    roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java
    roller/trunk/apps/weblogger/web/WEB-INF/classes/ApplicationResources.properties

Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java?view=diff&rev=559948&r1=559947&r2=559948
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/ui/struts2/admin/ModifyUser.java Thu Jul 26 12:32:00 2007
@@ -58,7 +58,7 @@
     }
     
     // no weblog required
-    public boolean isWeblogRequired() {
+    public boolean isWeblogRequired() { 
         return false;
     }
     
@@ -130,12 +130,24 @@
                 UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
                 
                 // grant/revoke admin role if needed
-                if(getUser().hasRole("admin") && !getBean().isAdministrator()) {
-                    // revoke role
-                    mgr.revokeRole("admin", getUser());
+                if (getUser().hasRole("admin") && !getBean().isAdministrator()) {
+                    
+                    if (!isUserEditingSelf()) {
+                        // revoke role
+                        mgr.revokeRole("admin", getUser());
+                    } else {
+                        addError("userAdmin.cantChangeOwnRole");
+                    }
+                    
                 } else if(!getUser().hasRole("admin") && getBean().isAdministrator()) {
-                    // grant role
-                    getUser().grantRole("admin");
+                    
+                    if (!isUserEditingSelf()) {
+                        // grant role
+                        getUser().grantRole("admin");
+                    } else {
+                        addError("userAdmin.cantChangeOwnRole"); 
+                    }
+                    
                 }
             
                 RollerContext.flushAuthenticationUserCache(getUser().getUserName());
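Review bot: In both self-edit branches the action only calls `addError("userAdmin.cantChangeOwnRole")` and then falls through to `RollerContext.flushAuthenticationUserCache(...)`, so the rejected role change does not visibly stop the rest of the save. The enclosing method starts and ends outside this hunk, so it cannot be confirmed from here whether the other profile fields are still persisted, or whether a success message is shown next to the error. If they are, test `isUserEditingSelf()` against the submitted `getBean().isAdministrator()` value before anything is applied, and return early. Since the log message says the Admin checkbox is hidden when editing yourself, it is also worth a comment here, e.g. `// server-side guard: hiding the checkbox in the view is not an authorization control; a posted form can still carry the field`.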
@@ -194,6 +206,10 @@
 
     public void setUserName(String userName) {
         this.userName = userName;
+    }
+    
+    public boolean isUserEditingSelf() {
+        return getUser().equals(getAuthenticatedUser());
     }
     
 }
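Review bot: `isUserEditingSelf()` is now the authorization check for role changes, but `getUser().equals(getAuthenticatedUser())` depends on how the user class implements `equals`, which is not visible in this diff. If that comparison includes fields the form has already overwritten on the edited user, or falls back to object identity, the two objects could compare unequal and the guard would silently pass. `getUser()` may also be null when the requested user was not found. Comparing a stable identifier is safer, e.g. `return getUser() != null && getAuthenticatedUser() != null && getUser().getUserName().equals(getAuthenticatedUser().getUserName());`, together with a short Javadoc stating that the method is used both by the view and by the save path.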

Modified: roller/trunk/apps/weblogger/web/WEB-INF/classes/ApplicationResources.properties
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/web/WEB-INF/classes/ApplicationResources.properties?view=diff&rev=559948&r1=559947&r2=559948
==============================================================================
--- roller/trunk/apps/weblogger/web/WEB-INF/classes/ApplicationResources.properties (original)
+++ roller/trunk/apps/weblogger/web/WEB-INF/classes/ApplicationResources.properties Thu Jul 26 12:32:00 2007
@@ -1566,6 +1566,7 @@
 userAdmin.tip.timeZone=User''s preferred timezone.
 
 userAdmin.userSaved=User profile saved
+userAdmin.cantChangeOwnRole=Cannot change your own role
 
 userAdmin.error.userNotFound=Specified user not found
 userAdmin.error.unexpected=Unexpected error