Compare hierarchies before applying warnings.

This commit is contained in:
flash 2018-12-28 17:35:55 +01:00
parent c2cf8d4d8f
commit 3146b3bc88
2 changed files with 26 additions and 0 deletions


@ -514,6 +514,10 @@ switch ($_GET['v'] ?? null) {
$warningsUser = (int)($_POST['warning']['user'] ?? 0);
if (!user_check_authority(user_session_current('user_id'), $warningsUser)) {
$notices[] = 'You do not have authority over this user.';
}
if (empty($notices) && $warningsUser > 0) {
$warningId = user_warning_add(
$warningsUser,
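Review bot: The added authority check runs before `$warningsUser` is validated, so a missing or non-numeric `warning[user]` (cast to 0) is still passed to `user_check_authority` and would presumably be reported as 'You do not have authority over this user.' rather than as an invalid target. Guarding it as `if ($warningsUser > 0 && !user_check_authority(user_session_current('user_id'), $warningsUser)) {` limits the lookup to real targets, and the existing `empty($notices) && $warningsUser > 0` condition still blocks the insert. The check is enforced only through `$notices`, so any other write path in this `switch` case that does not test `empty($notices)` would not be covered. The case body starts and ends outside the hunk, so that needs confirming there.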


@ -169,6 +169,28 @@ function user_get_last_ip(int $userId): string
return $getAddress->execute() ? $getAddress->fetchColumn() : '';
}
function user_check_authority(int $userId, int $subjectId): bool
{
$checkHierarchy = db_prepare('
SELECT (
SELECT MAX(r.`role_hierarchy`)
FROM `msz_roles` AS r
LEFT JOIN `msz_user_roles` AS ur
ON ur.`role_id` = r.`role_id`
WHERE ur.`user_id` = :user_id
) > (
SELECT MAX(r.`role_hierarchy`)
FROM `msz_roles` AS r
LEFT JOIN `msz_user_roles` AS ur
ON ur.`role_id` = r.`role_id`
WHERE ur.`user_id` = :subject_id
)
');
$checkHierarchy->bindValue('user_id', $userId);
$checkHierarchy->bindValue('subject_id', $subjectId);
return (bool)($checkHierarchy->execute() ? $checkHierarchy->fetchColumn() : false);
}
define('MSZ_USER_ABOUT_MAX_LENGTH', 0xFFFF);
define('MSZ_USER_ABOUT_OK', 0);
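Review bot: In `user_check_authority`, either `MAX(r.role_hierarchy)` subquery yields NULL when that user has no rows in `msz_user_roles`, so the `>` comparison is NULL and the `(bool)` cast returns false. That fails closed, which is the safe direction, but it also means nobody has authority over a subject without roles, and nothing in the function says so. If this is intended, document it with a docblock such as `/** True only if $userId's highest role_hierarchy is strictly greater than $subjectId's; false on equal rank, missing roles or query failure. */`. If role-less subjects should instead rank lowest, wrap the second subquery as `COALESCE((SELECT MAX(...) ... :subject_id), 0)`. The `LEFT JOIN` filtered on `ur.user_id` in the `WHERE` clause behaves as an inner join and would read more honestly written as one.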