Only external userAdmin can set userAdmin

author Mathieu <mbaudier@argeo.org>

Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)

committer Mathieu <mbaudier@argeo.org>

Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)
author Mathieu <mbaudier@argeo.org>
Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)
committer Mathieu <mbaudier@argeo.org>
Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)
diff --git a/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java b/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java

index 73b1f738089d0d46e1aa3277d3db12f3261446ad..c0adcf5582373f3765d6479293d43ee85f3e8fe5 100644 (file)
--- a/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java
+++ b/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java
@@ -167,11 +167,16 @@ public class PersonUiProvider implements SwtUiProvider {
                         }
                 }
  
-               if (systemRole.equals(CmsRole.userAdmin))
-                       radio.setEnabled(CurrentUser.implies(CmsRole.groupAdmin, roleContext));
-               else
+               if (systemRole.equals(CmsRole.userAdmin)) {
+                       if (!CurrentUser.isUserContext(roleContext) && CurrentUser.implies(CmsRole.userAdmin, roleContext)) {
+                               // a user admin cannot modify the user admins of their own context
+                               radio.setEnabled(true);
+                       } else {
+                               radio.setEnabled(false);
+                       }
+               } else {
                         radio.setEnabled(CurrentUser.implies(CmsRole.userAdmin, roleContext));
-
+               }
                 new Label(parent, 0).setText(msg.lead());
  
         }
author	Mathieu <mbaudier@argeo.org>
	Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)
committer	Mathieu <mbaudier@argeo.org>
	Sat, 12 Nov 2022 08:03:11 +0000 (09:03 +0100)