|
From: SourceForge.net <no...@so...> - 2010-06-22 21:40:59
|
Feature Requests item #2190501, was opened at 2008-10-24 00:27 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2190501&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: SVN (please specify revision!) Status: Open Resolution: None >Priority: 1 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: Superadmin should not be able to delete or disable himself Initial Comment: A superadmin should not be able to shoot himself in the foot^W^W^W^W^Wdelete or disable himself (in the list/edit admin section) because this will lock him out of postfixadmin. This can be done by a) not showing the delete link for the currently logged in superadmin b) like a, but at server side before deleting the admin c) while editing an admin, unchecking the superadmin checkbox should be impossible for the currently logged in superadmin d) c) should also be checked server-side ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2010-06-22 23:40 Message: e) use bullet-proof shoes ;-) Seriously: setup.php can easily create a new superadmin - therefore the reason to implement self-protection has gone to nearly zero. I'm lowering the priority to lowest. I'll accept patches, but I won't implement it myself. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=2190501&group_id=191583 |
