authorvincent-peugnet <v.peugnet@free.fr>2018-12-24 12:04:27 +0100
committervincent-peugnet <v.peugnet@free.fr>2018-12-24 12:04:27 +0100
commit055bbcbd61a56e39408e7d2b9d83c47fc76daa20 (patch)
tree3d3ced3c3147346e382a9ca53a499fd35f21749a /app/class
parent8d8f625ea20e10cf6fb053fab73c2ef7a559dc87 (diff)
user admin protection
Diffstat (limited to 'app/class')
-rw-r--r--app/class/application.php2
-rw-r--r--app/class/controlleruser.php11
-rw-r--r--app/class/modeluser.php8
3 files changed, 13 insertions, 8 deletions
diff --git a/app/class/application.php b/app/class/application.php
index 39cdd8a..f4b2a84 100644
--- a/app/class/application.php
+++ b/app/class/application.php
@@ -49,7 +49,7 @@ class Application
$this->configform();
exit;
} else {
- if(!$this->usermanager->adminexist()) {
+ if($this->usermanager->admincount() === 0) {
echo 'missing admin user';
$this->adminform();
exit;
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 00b7246..9daf1fb 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -36,7 +36,16 @@ class Controlleruser extends Controller
{
if($_POST['action'] === 'delete') {
$user = new User($_POST);
- $this->showtemplate('userconfirmdelete', ['userdelete' => $user]);
+ $user = $this->usermanager->get($user);
+ if($user !== false) {
+ if($user->isadmin() && $this->usermanager->admincount() === 1) {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
+ } else {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
+ }
+ } else {
+ $this->routedirect('user');
+ }
} elseif ($_POST['action'] == 'confirmdelete') {
$user = new User($_POST);
$this->usermanager->delete($user);
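Review bot: The last-admin guard added in the `delete` branch only sets a `candelete` template flag; the `confirmdelete` branch below it still builds a `User` from `$_POST` and calls `$this->usermanager->delete($user)` with no check, so the protection exists only in the confirmation form and not where the deletion actually happens. The same `isadmin() && admincount() === 1` condition should be evaluated again on the confirm request (and the user re-fetched with `get()`, since the posted data may not correspond to a stored user), as the rewrite below does; alternatively the check belongs in `Modeluser::delete` so every caller is covered. The `confirmdelete` comparison also still uses loose `==` while the new line uses `===`, and the two `showtemplate` calls differ only in the flag, so `'candelete' => !($user->isadmin() && $this->usermanager->admincount() === 1)` would collapse the nested if/else. The enclosing method's signature and its remaining body lie outside this hunk, and whether `delete()` accepts the object returned by `get()` cannot be seen here, so the rewrite keeps passing the posted `User`.
```php
} elseif ($_POST['action'] === 'confirmdelete') {
    $user = new User($_POST);
    $stored = $this->usermanager->get($user);
    // Server-side check: refuse to remove the only remaining admin, or an unknown user.
    if ($stored === false || ($stored->isadmin() && $this->usermanager->admincount() === 1)) {
        $this->routedirect('user');
    } else {
        $this->usermanager->delete($user);
    }
```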
diff --git a/app/class/modeluser.php b/app/class/modeluser.php
index e4b7eee..613d13b 100644
--- a/app/class/modeluser.php
+++ b/app/class/modeluser.php
@@ -97,17 +97,13 @@ class Modeluser extends Modeldb
return $userlist;
}
- public function adminexist()
+ public function admincount()
{
$userdatalist = $this->repo->query()
->where('level', '==', 10)
->execute();
- if($userdatalist->total() === 0) {
- return false;
- } else {
- return true;
- }
+ return $userdatalist->total();
}
public function passwordexist(string $pass)
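Review bot: `admincount()` is undocumented and has no return type, yet the two new call sites in application.php and controlleruser.php compare its result with `=== 0` and `=== 1`, which silently evaluate false if `$userdatalist->total()` ever yields anything but an `int`. Declaring `public function admincount(): int` makes that contract explicit and lets PHP fail loudly instead, and a short docblock such as `/** Number of stored users with admin level (level 10). */` would tell the next reader what the method counts. The literal `10` is the admin level used as a magic number here; if the class or `User` already defines a constant for it, that constant should be used instead. What `total()` returns is not visible in this hunk, so the type claim needs confirming against the repository class.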