View Issue Details

IDProjectCategoryView StatusLast Update
0017365phplist applicationInterface - Administratorpublic26-09-14 11:59
Reporterivilata 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformOSDebianOS Version7.5 Wheezy
Product Version3.0.7 
Target Version3.0.9Fixed in Version3.0.9 
Summary0017365: Reconcile users page not useful to normal admins?
DescriptionNormal administrators in my site can load the the "reconcileusers" page from "Subscribers/Reconcile subscribers", however by having a look at the code it looks like operations are only available to superusers, and e.g. moving users without list to a list doesn't work and shows no error message either.

Maybe just showing a "not enough access" message (à la "massunconfirm" page) would be better to avoid giving the user wrong expectations. I'm attaching a patch for that.
TagsNo tags attached.

Activities

ivilata

08-09-14 16:24

reporter  

reconcileusers.php.diff (403 bytes)
--- reconcileusers.php.orig	2014-08-12 22:41:20.000000000 +0200
+++ reconcileusers.php	2014-09-08 17:15:45.446719861 +0200
@@ -4,6 +4,11 @@
 <?php
 require_once dirname(__FILE__).'/accesscheck.php';
 
+if (!isSuperUser()) {
+  print $GLOBALS['I18N']->get('Sorry, this page can only be used by super admins');
+  return;
+}
+
 if (!is_object("date")) {
   include_once dirname(__FILE__). "/date.php";
 }

michiel

24-09-14 11:01

manager   ~0055129


yes, I agree