Fixed - Disabled critical self-edit account state checkboxes.
@@ -336,3 +336,8 @@ Project Change ID[date-time] - application-version - Type - Summary:
|
||||
- 1 - I changed the Is Administrator reason field so it appears only when the checkbox is unchecked.
|
||||
- 2 - I stopped requiring or sending a reason when administrator privileges are granted and changed that email to a congratulatory promotion message.
|
||||
- 3 - I kept the reason on administrator privilege removal, regenerated template/options bindata, and reran the focused admin grant tests.
|
||||
|
||||
64 - [2026-04-29 22:03:18] - v1.27.0-dev-61-g067a09c2ac - Type: Fixed - Disabled critical self-edit account state checkboxes.
|
||||
- 1 - I disabled User Account Is Activated and Is Restricted when an administrator edits their own account, matching the existing self-edit protection for Disable Sign-In.
|
||||
- 2 - I hardened the admin user update handler so manually submitted self-edit forms cannot change the current admin's active, restricted, or prohibit-login state.
|
||||
- 3 - I regenerated local ignored template bindata and verified the admin package compilation with reduced build pressure.
|
||||
|
||||
@@ -787,8 +787,13 @@ func EditUserPost(ctx *context.Context) {
|
||||
wasProhibitLogin := u.ProhibitLogin
|
||||
requestedActive := form.Active
|
||||
requestedAdmin := form.Admin
|
||||
requestedRestricted := form.Restricted
|
||||
requestedProhibitLogin := form.ProhibitLogin
|
||||
if ctx.Doer.ID == u.ID {
|
||||
requestedAdmin = u.IsAdmin
|
||||
requestedActive = u.IsActive
|
||||
requestedRestricted = u.IsRestricted
|
||||
requestedProhibitLogin = u.ProhibitLogin
|
||||
}
|
||||
if requestStatus != "" {
|
||||
requestedActive = u.IsActive
|
||||
@@ -807,12 +812,12 @@ func EditUserPost(ctx *context.Context) {
|
||||
renderAdminUserEditReasonErr(ctx, u, form)
|
||||
return
|
||||
}
|
||||
if ctx.Doer.ID != u.ID && !wasProhibitLogin && form.ProhibitLogin && prohibitLoginReason == "" {
|
||||
if !wasProhibitLogin && requestedProhibitLogin && prohibitLoginReason == "" {
|
||||
ctx.Data["Err_ProhibitLoginReason"] = true
|
||||
renderAdminUserEditReasonErr(ctx, u, form)
|
||||
return
|
||||
}
|
||||
if !wasRestricted && form.Restricted && restrictedReason == "" {
|
||||
if !wasRestricted && requestedRestricted && restrictedReason == "" {
|
||||
ctx.Data["Err_RestrictedReason"] = true
|
||||
renderAdminUserEditReasonErr(ctx, u, form)
|
||||
return
|
||||
@@ -852,7 +857,7 @@ func EditUserPost(ctx *context.Context) {
|
||||
if ctx.Doer.ID == u.ID {
|
||||
authOpts.ProhibitLogin = optional.Some(false)
|
||||
} else {
|
||||
authOpts.ProhibitLogin = optional.Some(form.ProhibitLogin)
|
||||
authOpts.ProhibitLogin = optional.Some(requestedProhibitLogin)
|
||||
}
|
||||
|
||||
fields := strings.Split(form.LoginType, "-")
|
||||
@@ -911,7 +916,7 @@ func EditUserPost(ctx *context.Context) {
|
||||
AllowImportLocal: optional.Some(form.AllowImportLocal),
|
||||
MaxRepoCreation: optional.Some(form.MaxRepoCreation),
|
||||
AllowCreateOrganization: optional.Some(form.AllowCreateOrganization),
|
||||
IsRestricted: optional.Some(form.Restricted),
|
||||
IsRestricted: optional.Some(requestedRestricted),
|
||||
Visibility: optional.Some(form.Visibility),
|
||||
Language: optional.Some(form.Language),
|
||||
}
|
||||
@@ -965,7 +970,7 @@ func EditUserPost(ctx *context.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
if !wasRestricted && form.Restricted {
|
||||
if !wasRestricted && requestedRestricted {
|
||||
if ok := storeAdminRestrictedInfo(ctx, u.ID, ctx.Doer); !ok {
|
||||
return
|
||||
}
|
||||
@@ -1006,12 +1011,12 @@ func EditUserPost(ctx *context.Context) {
|
||||
Action: ctx.Locale.TrString("admin.users.status_change.allow_login"),
|
||||
})
|
||||
}
|
||||
if !wasRestricted && form.Restricted {
|
||||
if !wasRestricted && requestedRestricted {
|
||||
statusChanges = append(statusChanges, mailer.AdminUserStatusChange{
|
||||
Action: ctx.Locale.TrString("admin.users.status_change.restricted"),
|
||||
Reason: restrictedReason,
|
||||
})
|
||||
} else if wasRestricted && !form.Restricted {
|
||||
} else if wasRestricted && !requestedRestricted {
|
||||
statusChanges = append(statusChanges, mailer.AdminUserStatusChange{
|
||||
Action: ctx.Locale.TrString("admin.users.status_change.unrestricted"),
|
||||
})
|
||||
|
||||
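Review bot: In the `@@ -852` hunk the self-edit branch still writes `authOpts.ProhibitLogin = optional.Some(false)`, so saving your own account clears the flag rather than leaving it as stored, which does not match the stated goal that a self-edit cannot change prohibit-login state. Because `requestedProhibitLogin` is already reset to `u.ProhibitLogin` when `ctx.Doer.ID == u.ID`, the whole if/else can collapse to `authOpts.ProhibitLogin = optional.Some(requestedProhibitLogin)`. EditUserPost runs well beyond these hunks, so any read of `form.Active`, `form.Restricted` or `form.ProhibitLogin` outside the visible lines should be checked for the same substitution. The description mentions only a compile check; a handler test that posts a self-edit form with these fields flipped and asserts the stored values are unchanged would pin the server-side guard.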
@@ -136,7 +136,7 @@
|
||||
<div class="inline field">
|
||||
<div class="ui checkbox">
|
||||
<label><strong>{{ctx.Locale.Tr "admin.users.is_activated"}}</strong></label>
|
||||
<input name="active" type="checkbox" data-admin-status-reason-toggle="#active-reason-field" data-admin-status-reason-inverted="true" {{if .User.IsActive}}checked{{end}} {{if .AccountRequestStatus}}disabled{{end}}>
|
||||
<input name="active" type="checkbox" data-admin-status-reason-toggle="#active-reason-field" data-admin-status-reason-inverted="true" {{if .User.IsActive}}checked{{end}} {{if or .AccountRequestStatus (eq .User.ID .SignedUserID)}}disabled{{end}}>
|
||||
{{if .AccountRequestStatus}}<p class="help">{{ctx.Locale.Tr "admin.users.account_request.active_managed_externally"}}</p>{{end}}
|
||||
</div>
|
||||
</div>
|
||||
@@ -178,7 +178,7 @@
|
||||
<div class="inline field">
|
||||
<div class="ui checkbox">
|
||||
<label><strong>{{ctx.Locale.Tr "admin.users.is_restricted"}}</strong></label>
|
||||
<input name="restricted" type="checkbox" data-admin-status-reason-toggle="#restricted-reason-field" {{if .User.IsRestricted}}checked{{end}}>
|
||||
<input name="restricted" type="checkbox" data-admin-status-reason-toggle="#restricted-reason-field" {{if .User.IsRestricted}}checked{{end}} {{if eq .User.ID .SignedUserID}}disabled{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
<div class="field {{if .Err_RestrictedReason}}error{{end}}" id="restricted-reason-field">
|
||||
|
||||
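Review bot: A disabled checkbox is omitted from the submitted form, so on a self-edit `active` and `restricted` arrive unset and the stored state survives only because EditUserPost overrides them for the signed-in admin; nothing in the template records that dependency. A template comment next to each input, for example `{{/* disabled on self-edit; EditUserPost ignores this field for the signed-in admin */}}`, would keep the two sides in step. The activated checkbox shows a help paragraph for the `.AccountRequestStatus` case, but neither input tells the admin why it is locked on their own account, so a short help line (it would need a new locale key) is worth adding.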