Commit 2538df91 authored by Leigh B Stoller's avatar Leigh B Stoller

Allow project leader to edit/delete all profiles in the project.

parent b83f757f
...@@ -1623,5 +1623,7 @@ sub CanDelete($$) ...@@ -1623,5 +1623,7 @@ sub CanDelete($$)
if ($user->IsAdmin()); if ($user->IsAdmin());
return 1 return 1
if ($user->uid_idx() == $profile->creator_idx()); if ($user->uid_idx() == $profile->creator_idx());
return 1
if ($user->SameUser($project->GetLeader()));
return 0; return 0;
} }
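Review bot: The added `return 1 if ($user->SameUser($project->GetLeader()));` in CanDelete hands the result of GetLeader() straight to SameUser() without checking that a leader object came back. If that lookup can fail, the permission decision depends on how SameUser() treats undef; denying explicitly is safer: `my $leader = $project->GetLeader();` then `return 1 if (defined($leader) && $user->SameUser($leader));`. `$project` is assigned outside this hunk, so whether it is validated before this line cannot be confirmed from here. The commit title covers edit as well as delete, but only CanDelete is visible in this file; if a Perl-side CanEdit exists, it presumably needs the same rule so the backend and the web page agree.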
<?php <?php
# #
# Copyright (c) 2000-2017 University of Utah and the Flux Group. # Copyright (c) 2000-2018 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -268,7 +268,7 @@ if (isset($action) && ($action == "edit" || $action == "copy")) { ...@@ -268,7 +268,7 @@ if (isset($action) && ($action == "edit" || $action == "copy")) {
SPITUSERERROR("Profile has been deleted!"); SPITUSERERROR("Profile has been deleted!");
} }
if ($action == "edit") { if ($action == "edit") {
if ($this_idx != $profile->creator_idx() && !ISADMIN()) { if (!$profile->CanEdit($this_user)) {
SPITUSERERROR("Not enough permission!"); SPITUSERERROR("Not enough permission!");
} }
} }
......
...@@ -472,8 +472,16 @@ class Profile ...@@ -472,8 +472,16 @@ class Profile
return $this->CanInstantiate($user); return $this->CanInstantiate($user);
} }
function CanEdit($user) { function CanEdit($user) {
if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) {
return 1;
}
$project = Project::Lookup($this->pid_idx());
if (!$project) {
return 0;
}
if ($user->uid_idx() == $project->GetLeader()->uid_idx()) {
return 1; return 1;
}
return 0; return 0;
} }
function CanDelete($user) { function CanDelete($user) {
...@@ -489,7 +497,8 @@ class Profile ...@@ -489,7 +497,8 @@ class Profile
if ($project->isAPT()) { if ($project->isAPT()) {
return 0; return 0;
} }
if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) { if ($this->creator_idx() == $user->uid_idx() || ISADMIN() ||
$user->uid_idx() == $project->GetLeader()->uid_idx()) {
return 1; return 1;
} }
return 0; return 0;
......
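Review bot: Both new leader checks call `$project->GetLeader()->uid_idx()` without confirming that GetLeader() returned an object. CanEdit guards `!$project` but not the leader, so a project with no resolvable leader would end in a fatal error on a null method call instead of a clean denial. The leader rule is also written twice, once in CanEdit and once in the widened condition in CanDelete, so a small helper that returns 0 when either the project or the leader is missing would keep the two checks from drifting apart. CanDelete's body starts outside the second hunk, so its own `$project` lookup is not visible here.

```php
    # Proposed helper: 1 only when $user leads this profile's project.
    function IsProjectLeader($user) {
        $project = Project::Lookup($this->pid_idx());
        if (!$project) {
            return 0;
        }
        $leader = $project->GetLeader();
        if (!$leader) {
            return 0;
        }
        return ($user->uid_idx() == $leader->uid_idx()) ? 1 : 0;
    }
    function CanEdit($user) {
        if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) {
            return 1;
        }
        return $this->IsProjectLeader($user);
    }
    # … unchanged: CanDelete project lookup and isAPT() check …
        if ($this->creator_idx() == $user->uid_idx() || ISADMIN() ||
            $this->IsProjectLeader($user)) {
```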