N°4036 - User edition controls : a user cannot add to himself a profile denying the backoffice

Eric
2021-07-27 12:09:39 +02:00
parent 8f7e7c136d
commit 25f3c1cbc4
3 changed files with 38 additions and 25 deletions


@@ -355,11 +355,22 @@ abstract class User extends cmdbAbstractObject
// Check that this user has at least one profile assigned when profiles have changed
if (array_key_exists('profile_list', $aChanges))
{
/** @var \DBObjectSet $oSet */
$oSet = $this->Get('profile_list');
if ($oSet->Count() == 0)
{
if ($oSet->Count() == 0) {
$this->m_aCheckIssues[] = Dict::S('Class:User/Error:AtLeastOneProfileIsNeeded');
}
// A user cannot add a profile denying the access to the backoffice
$aForbiddenProfiles = PortalDispatcherData::GetData('backoffice')['deny'];
if (UserRights::GetUserId() == $this->GetKey()) {
$oSet->Rewind();
while ($oUserProfile = $oSet->Fetch()) {
$sProfile = $oUserProfile->Get('profile');
if (in_array($sProfile, $aForbiddenProfiles)) {
$this->m_aCheckIssues[] = Dict::Format('Class:User/Error:ProfileNotAllowed', $sProfile);
}
}
}
}
// Only administrators can manage administrators
if (UserRights::IsAdministrator($this) && !UserRights::IsAdministrator())
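Review bot: The new self-lockout check reads `PortalDispatcherData::GetData('backoffice')['deny']` without a guard and then compares loosely. If the backoffice entry or its `deny` key is ever missing from the portal configuration, `in_array()` receives a non-array; depending on the PHP version that either raises or makes the check pass without reporting anything. I would default the list and compare strictly: `$aForbiddenProfiles = PortalDispatcherData::GetData('backoffice')['deny'] ?? [];` and `in_array($sProfile, $aForbiddenProfiles, true)`. The lookup is only needed when `UserRights::GetUserId() == $this->GetKey()`, so it can move inside that `if`, with a one-line comment there saying the loop inspects every profile in the set, not only the newly added ones. The enclosing method starts and ends outside this hunk, so whether any other write path skips this check cannot be confirmed from here.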