From: Mathieu <mbaudier@argeo.org>
Date: Sat, 12 Nov 2022 08:03:11 +0000 (+0100)
Subject: Only external userAdmin can set userAdmin
X-Git-Tag: v2.3.9~17
X-Git-Url: https://git.argeo.org/?p=gpl%2Fargeo-suite.git;a=commitdiff_plain;h=3197ec58385951957c237fd6c147670cca89123c

Only external userAdmin can set userAdmin
---

diff --git a/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java b/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java
index 73b1f73..c0adcf5 100644
--- a/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java
+++ b/swt/org.argeo.app.ui/src/org/argeo/app/ui/people/PersonUiProvider.java
@@ -167,11 +167,16 @@ public class PersonUiProvider implements SwtUiProvider {
 			}
 		}
 
-		if (systemRole.equals(CmsRole.userAdmin))
-			radio.setEnabled(CurrentUser.implies(CmsRole.groupAdmin, roleContext));
-		else
+		if (systemRole.equals(CmsRole.userAdmin)) {
+			if (!CurrentUser.isUserContext(roleContext) && CurrentUser.implies(CmsRole.userAdmin, roleContext)) {
+				// a user admin cannot modify the user admins of their own context
+				radio.setEnabled(true);
+			} else {
+				radio.setEnabled(false);
+			}
+		} else {
 			radio.setEnabled(CurrentUser.implies(CmsRole.userAdmin, roleContext));
-
+		}
 		new Label(parent, 0).setText(msg.lead());
 
 	}