Commit e6108640 authored by Patrick Müller's avatar Patrick Müller

feat: permission -> allow self-delete for users and prevent SuperUsers from...

feat: permission -> allow self-delete for users and prevent SuperUsers from deleting their own account
parent b0ae391a
......@@ -2000,6 +2000,7 @@ class User implements QUI\Interfaces\Users\User
* Could the user be deleted?
*
* @throws QUI\Users\Exception
* @throws QUI\Exception
*/
protected function canBeDeleted()
{
......@@ -2008,12 +2009,20 @@ class User implements QUI\Interfaces\Users\User
return;
}
if (QUI::getUserBySession()->getId() === $this->getId()) {
// SuperUser can only be deleted by other SuperUsers
if ($this->isSU()) {
throw new QUI\Users\Exception(
QUI::getLocale()->get('quiqqer/quiqqer', 'exception.user_cannot_delete_himself')
QUI::getLocale()->get('quiqqer/quiqqer', 'exception.superuser_cannot_delete_himself')
);
}
// Check if user can delete himself
if (QUI::getUserBySession()->getId() === $this->getId()) {
\QUI\System\Log::writeRecursive("CHECK SELF DELETE PERMISSION");
$this->checkPermission('quiqqer.users.delete_self');
}
// Check if user is the last SuperUser in the system
if ($this->isSU()) {
$suUsers = QUI::getUsers()->getUserIds([
'where' => [
......
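Review bot: The SuperUser guard `if ($this->isSU()) { throw … }` does not look tied to the session user. The page has lost its +/- markers, but the braces only balance if the earlier `if (QUI::getUserBySession()->getId() === $this->getId()) {` line was removed; in that case every SuperUser becomes undeletable, even by another SuperUser, which contradicts the comment above the guard and leaves the last-SuperUser check below it unreachable. If that reading is right, the condition should be `if ($this->isSU() && QUI::getUserBySession()->getId() === $this->getId()) {`. The `\QUI\System\Log::writeRecursive("CHECK SELF DELETE PERMISSION");` line reads as leftover debugging and should be dropped before merge. canBeDeleted() starts and ends outside the visible hunks, so the early-return path before these checks was not reviewed.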
......@@ -70,6 +70,12 @@
<locale name="permission.quiqqer.admin.users._header">
<de><![CDATA[Benutzer]]></de>
</locale>
<locale name="permission.quiqqer.users._header">
<de><![CDATA[Benutzer]]></de>
</locale>
<locale name="permission.quiqqer.users.delete_self">
<de><![CDATA[Darf sein eigenes Benutzerkonto löschen]]></de>
</locale>
<locale name="permission.quiqqer.projects.sites._header">
<de><![CDATA[Seiten]]></de>
</locale>
......@@ -1121,6 +1127,9 @@
<locale name="exception.user_cannot_delete_himself">
<de><![CDATA[Sie können Ihr eigenes Benutzerkonto nicht selbst löschen.]]></de>
</locale>
<locale name="exception.superuser_cannot_delete_himself">
<de><![CDATA[Sie können als Super-User Ihr eigenes Benutzerkonto nicht selbst löschen.]]></de>
</locale>
<locale name="exception.user.one.active.user.must.exists">
<de><![CDATA[
Der Benutzer kann nicht zerstört oder deaktiviert werden.
......
......@@ -70,6 +70,12 @@
<locale name="permission.quiqqer.admin.users._header">
<en><![CDATA[Users]]></en>
</locale>
<locale name="permission.quiqqer.users._header">
<en><![CDATA[Users]]></en>
</locale>
<locale name="permission.quiqqer.users.delete_self">
<en><![CDATA[Can delete his own user account]]></en>
</locale>
<locale name="permission.quiqqer.projects.sites._header">
<en><![CDATA[Sites]]></en>
</locale>
......@@ -1120,6 +1126,9 @@
<locale name="exception.user_cannot_delete_himself">
<en><![CDATA[You cannot delete your own user account.]]></en>
</locale>
<locale name="exception.superuser_cannot_delete_himself">
<de><![CDATA[You as a Super User cannot delete your own user account.]]></de>
</locale>
<locale name="exception.site.linked.already.exists">
<en><![CDATA[
......
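Review bot: The new `exception.superuser_cannot_delete_himself` entry in this English locale section wraps its English text in `<de>…</de>`, while every neighbouring entry here uses `<en>`. As written, the English message is presumably missing for English-language users, and the text may instead be picked up as a German translation, depending on how the locale files are merged. The line should read `<en><![CDATA[You as a Super User cannot delete your own user account.]]></en>`.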
......@@ -47,6 +47,11 @@
<!-- Darf Benutzer anlegen -->
<permission name="quiqqer.admin.users.create" type="bool"/>
<!-- Darf Benutzer anlegen -->
<permission name="quiqqer.users.delete_self" type="bool">
<defaultvalue>1</defaultvalue>
</permission>
<!-- Project User / group permissions -->
<!-- Darf Projekte anlegen -->
......
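Review bot: `<defaultvalue>1</defaultvalue>` on `quiqqer.users.delete_self` enables a destructive action for every account by default, presumably including accounts on existing installations once the update is applied. Confirm that this is intended; if not, ship it as `<defaultvalue>0</defaultvalue>` and let administrators grant it per user or group. The comment above the new permission is a copy of the one for `quiqqer.admin.users.create` ("Darf Benutzer anlegen") and should describe this permission instead, e.g. `<!-- Darf sein eigenes Benutzerkonto löschen -->`.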