Commit 2538df91 authored by Leigh B Stoller's avatar Leigh B Stoller

Allow project leader to edit/delete all profiles in the project.

parent b83f757f
......@@ -1623,5 +1623,7 @@ sub CanDelete($$)
if ($user->IsAdmin());
return 1
if ($user->uid_idx() == $profile->creator_idx());
return 1
if ($user->SameUser($project->GetLeader()));
return 0;
}
<?php
#
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -268,7 +268,7 @@ if (isset($action) && ($action == "edit" || $action == "copy")) {
SPITUSERERROR("Profile has been deleted!");
}
if ($action == "edit") {
if ($this_idx != $profile->creator_idx() && !ISADMIN()) {
if (!$profile->CanEdit($this_user)) {
SPITUSERERROR("Not enough permission!");
}
}
......
......@@ -472,8 +472,16 @@ class Profile
return $this->CanInstantiate($user);
}
function CanEdit($user) {
if ($this->creator_idx() == $user->uid_idx() || ISADMIN())
if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) {
return 1;
}
$project = Project::Lookup($this->pid_idx());
if (!$project) {
return 0;
}
if ($user->uid_idx() == $project->GetLeader()->uid_idx()) {
return 1;
}
return 0;
}
function CanDelete($user) {
......@@ -489,7 +497,8 @@ class Profile
if ($project->isAPT()) {
return 0;
}
if ($this->creator_idx() == $user->uid_idx() || ISADMIN()) {
if ($this->creator_idx() == $user->uid_idx() || ISADMIN() ||
$user->uid_idx() == $project->GetLeader()->uid_idx()) {
return 1;
}
return 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment