Index: manage_user_update.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_update.php,v
retrieving revision 1.29
diff -u -r1.29 manage_user_update.php
--- manage_user_update.php	18 Feb 2003 02:18:01 -0000	1.29
+++ manage_user_update.php	28 Oct 2003 10:16:00 -0000
@@ -47,6 +47,12 @@
 
 	$t_old_protected = user_get_field( $f_user_id, 'protected' );
 
+	# Project specific access rights override global levels, hence, for users who are changed
+	# to be administrators, we have to remove project specific rights.
+        if ( ( $c_access_level >= ADMINISTRATOR ) && ( !user_is_administrator( $c_user_id ) ) ) {
+		user_delete_project_specific_access_levels( $c_user_id );
+	}
+
 	# if the user is already protected and the admin is not removing the
 	#  protected flag then don't update the access level and enabled flag.
 	#  If the user was unprotected or the protected flag is being turned off
@@ -64,8 +70,8 @@
 	    		WHERE id='$c_user_id'";
 	}
 
-    $result = db_query( $query );
-    $t_redirect_url = 'manage_user_page.php';
+	$result = db_query( $query );
+	$t_redirect_url = 'manage_user_page.php';
 ?>
 <?php html_page_top1() ?>
 <?php
Index: core/user_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v
retrieving revision 1.60
diff -u -r1.60 user_api.php
--- core/user_api.php	25 Aug 2003 22:24:44 -0000	1.60
+++ core/user_api.php	28 Oct 2003 10:16:04 -0000
@@ -318,17 +318,55 @@
 	}
 
 	# --------------------
-	# delete an account
+	# delete project-specific user access levels.
+	# returns true when successfully deleted
+	function user_delete_project_specific_access_levels( $p_user_id ) {
+		$c_user_id 					= db_prepare_int($p_user_id);
+
+		user_ensure_unprotected( $p_user_id );
+
+		$t_project_user_list_table 	= config_get('mantis_project_user_list_table');
+
+		$query = "DELETE
+				  FROM $t_project_user_list_table
+				  WHERE user_id='$c_user_id'";
+		db_query( $query );
+
+		user_clear_cache( $p_user_id );
+
+		return true;
+	}
+
+	# --------------------
+	# delete profiles for the specified user
+	# returns true when successfully deleted
+	function user_delete_profiles( $p_user_id ) {
+		$c_user_id 					= db_prepare_int($p_user_id);
+
+		user_ensure_unprotected( $p_user_id );
+
+		$t_user_profile_table 		= config_get('mantis_user_profile_table');
+
+		# Remove associated profiles
+		$query = "DELETE
+				  FROM $t_user_profile_table
+				  WHERE user_id='$c_user_id'";
+		db_query( $query );
+
+		user_clear_cache( $p_user_id );
+
+		return true;
+        }
+
+	# --------------------
+	# delete a user account (account, profiles, preferences, project-specific access levels)
 	# returns true when the account was successfully deleted
 	function user_delete( $p_user_id ) {
 		$c_user_id 					= db_prepare_int($p_user_id);
 
-    	user_ensure_unprotected( $p_user_id );
+		user_ensure_unprotected( $p_user_id );
 
 		$t_user_table 				= config_get('mantis_user_table');
-		$t_user_profile_table 		= config_get('mantis_user_profile_table');
-		$t_user_pref_table 			= config_get('mantis_user_pref_table');
-		$t_project_user_list_table 	= config_get('mantis_project_user_list_table');
 
 		# Remove account
 		$query = "DELETE
@@ -337,23 +375,18 @@
 		db_query( $query );
 
 		# Remove associated profiles
-		$query = "DELETE
-				  FROM $t_user_profile_table
-				  WHERE user_id='$c_user_id'";
-		db_query( $query );
+		user_delete_profiles( $p_user_id );
 
 		# Remove associated preferences
 		user_pref_delete_all( $p_user_id );
 
-		$query = "DELETE
-				  FROM $t_project_user_list_table
-				  WHERE user_id='$c_user_id'";
-		db_query( $query );
+		# Remove project specific access levels
+		user_delete_project_specific_access_levels( $p_user_id );
 
 		user_clear_cache( $p_user_id );
 
 		return true;
-    }
+	}
 
 	#===================================
 	# Data Access