Commit eeafa281 authored by Leigh B. Stoller's avatar Leigh B. Stoller

When determining if a user has permission to do something, first make

sure user is actually active!
parent 853e3d03
...@@ -911,7 +911,17 @@ sub TBGrpTrust($$$) ...@@ -911,7 +911,17 @@ sub TBGrpTrust($$$)
$gid = $pid; $gid = $pid;
} }
#
# User must be active to be trusted.
#
my $query_result = my $query_result =
DBQueryFatal("select status from users ".
"where uid='$uid' and status='" . USERSTATUS_ACTIVE() . "'");
if ($query_result->numrows == 0) {
return PROJMEMBERTRUST_NONE;
}
$query_result =
DBQueryFatal("select trust from group_membership ". DBQueryFatal("select trust from group_membership ".
"where uid='$uid' and pid='$pid' and gid='$gid'"); "where uid='$uid' and pid='$pid' and gid='$gid'");
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment