View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0020382 | mantisbt | authorization | public | 2015-12-12 16:45 | 2016-06-12 00:43 |
| Reporter | vboctor | Assigned To | vboctor | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.2.19 | ||||
| Target Version | 1.3.0-rc.2 | Fixed in Version | 1.3.0-rc.2 | ||
| Summary | 0020382: user_is_administrator() should not return true for disabled admins | ||||
| Description | At the moment, user_is_administrator() returns true for administrators whether or not they are enabled users. We should only consider them admins if they are enabled and have the correct access level. @atrol raised this in https://github.com/mantisbt/mantisbt/pull/689 | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master a3f9d033 2015-12-11 16:37 Details Diff |
Disallow deleting or disabling last admin - When checking for remaining admins, exclude disabled ones. - Don't worry about changes to already disabled users. - Complain when disabling last administrator, not just reducing their access level. Fixes 0020381 Fixes 0020382 |
Affected Issues 0020381, 0020382 |
|
| mod - core/user_api.php | Diff File | ||
| mod - manage_user_delete.php | Diff File | ||
| mod - manage_user_update.php | Diff File | ||
