Commit b119fd03 authored by Leigh Stoller's avatar Leigh Stoller

At some point we lost the ability for project leaders to modify

the profile for a member of their projects. I restored that ability.
parent 427494c8
......@@ -1532,8 +1532,33 @@ sub AccessCheck($$$)
return 1
if ($user->IsAdmin());
# Otherwise, better be the same user.
return SameUser($self, $user);
# User can muck with his own stuff.
return 1
if SameUser($self, $user);
my $auth_idx = $user->uid_idx();
my $this_idx = $self->uid_idx();
# Only project leader in same project as user.
if ($access_type == TB_USERINFO_MODIFYINFO) {
# This join will allow the operation if the current user is in the
# same project (any project) as the target user, but with root permissions.
my $query_result =
DBQueryFatal("select from group_membership as g ".
"left join group_membership as authed on ".
" g.pid_idx=authed.pid_idx and ".
" g.gid_idx=authed.gid_idx and ".
" g.uid_idx='$this_idx' ".
"where authed.uid_idx='$auth_idx' and ".
" ('project_root')");
return $query_result->numrows;
return 0;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment