mahara-contributors team mailing list archive

Thread
Date

[Bug 1899571] Re: The only site admin can suspend the account by oneself

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Rangi Daymond <1899571@xxxxxxxxxxxxxxxxxx>
Date: Thu, 15 Oct 2020 01:51:36 -0000
Reply-to: Bug 1899571 <1899571@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Catalyst QA Tested - PASSED
Environment: local Mahara master with patch set https://reviews.mahara.org/#/c/11361/2

Steps as above included testing for:

A. single account suspension via the Admin menu > People > People Search --> select single account to display the 'Site account settings' page, 'Suspend or delete this account' option is displayed in the account sidebar:
- can suspend some/all other site admin accounts
- cannot suspend own site/institution admin account (whether or not sole site/institution admin account)

B. bulk account suspension via the Admin menu > People > People Search --> select multiple accounts across pages (22 accounts present, 10 displayed per page) then select the 'Edit selected accounts' button and attempt to suspend:
- all accounts, including own (as the site/institution administrator) ✔ cannot do this
- all accounts, except own (as the site/institution administrator)  ✔ can do this.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1899571

Title:
  The only site admin can suspend the account by oneself

Status in Mahara:
  Fix Committed
Status in Mahara 20.10 series:
  Fix Committed

Bug description:
  Now the only site admin can suspend the account by oneself and be locked out from the site.
  So I think it's better for us to avoid site admins suspending oneself by changing code as below.

  File to modify:
  admin/users/bulk.php

  Line:
  294

  [ Before ]
      db_begin();

      foreach ($users as $user) {
          if (!$user->suspendedcusr) {
              suspend_user($user->id, $values['reason']);
              $suspended++;
          }
      }

      db_commit();

      $SESSION->add_ok_msg(get_string('bulksuspenduserssuccess', 'admin', $suspended));
      redirect('/admin/users/suspended.php');

  [ After ]
      db_begin();

      foreach ($users as $user) {
          if (!$user->suspendedcusr && !get_record('usr', 'id', $user->id, 'admin', '1')) {
              suspend_user($user->id, $values['reason']);
              $suspended++;
          }
      }

      db_commit();

      $SESSION->add_ok_msg(get_string('bulksuspenduserssuccess', 'admin', $suspended));
      $SESSION->add_error_msg('You can\'t suspend site admins.');
      redirect('/admin/users/suspended.php');

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1899571/+subscriptions

References

[Bug 1899571] [NEW] The only site admin can suspend the account by oneself
From: Mitsuhiro Yoshida, 2020-10-13