View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017365 | phpList 3 application | Interface - Administrator | public | 08-09-14 16:24 | 26-09-14 11:59 |
| Reporter | ivilata | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | OS | Debian | OS Version | 7.5 Wheezy | |
| Product Version | 3.0.7 | ||||
| Target Version | 3.0.9 | Fixed in Version | 3.0.9 | ||
| Summary | 0017365: Reconcile users page not useful to normal admins? | ||||
| Description | Normal administrators in my site can load the the "reconcileusers" page from "Subscribers/Reconcile subscribers", however by having a look at the code it looks like operations are only available to superusers, and e.g. moving users without list to a list doesn't work and shows no error message either. Maybe just showing a "not enough access" message (à la "massunconfirm" page) would be better to avoid giving the user wrong expectations. I'm attaching a patch for that. | ||||
| Tags | No tags attached. | ||||
|
|
reconcileusers.php.diff (403 bytes)
--- reconcileusers.php.orig 2014-08-12 22:41:20.000000000 +0200
+++ reconcileusers.php 2014-09-08 17:15:45.446719861 +0200
@@ -4,6 +4,11 @@
<?php
require_once dirname(__FILE__).'/accesscheck.php';
+if (!isSuperUser()) {
+ print $GLOBALS['I18N']->get('Sorry, this page can only be used by super admins');
+ return;
+}
+
if (!is_object("date")) {
include_once dirname(__FILE__). "/date.php";
}
|
|
|
yes, I agree |
