#158 deleting users - fixed by Oleg Gatseluk

monstra-cms · Nov 23, 2013 · 9e2a7bc · 9e2a7bc
1 parent b23bb4b
commit 9e2a7bc
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/plugins/box/users/users.admin.php b/plugins/box/users/users.admin.php
@@ -185,7 +185,7 @@ public static function main()
                 // -------------------------------------
                 case "delete":
 
-                    if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) {
+                    if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin')) && (int)$_SESSION['user_id'] != (int)Request::get('user_id')) {
 
                         if (Security::check(Request::get('token'))) {
 

diff --git a/plugins/box/users/views/backend/index.view.php b/plugins/box/users/views/backend/index.view.php
@@ -44,9 +44,12 @@
         <td>
             <div class="pull-right">
             <?php echo Html::anchor(__('Edit', 'users'), 'index.php?id=users&action=edit&user_id='.$user['id'], array('class' => 'btn btn-small')); ?>
-            <?php echo Html::anchor(__('Delete', 'users'),
+            <?php
+                if ((int)$user['id'] != (int)$_SESSION['user_id']) {
+                    echo Html::anchor(__('Delete', 'users'),
                        'index.php?id=users&action=delete&user_id='.$user['id'].'&token='.Security::token(),
                        array('class' => 'btn btn-small', 'onclick' => "return confirmDelete('".__('Delete user: :user', 'users', array(':user' => Html::toText($user['login'])))."')"));
+                }
              ?>
              </div>
         </td>