Restrict access to user banning functions

(DBOINCP-87)
2015-05-11 21:02:51 -04:00 · 2015-05-11 21:02:51 -04:00 · d670551ab3
parent fdd221e7a0
commit d670551ab3
1 changed files with 25 additions and 19 deletions
--- a/drupal/sites/default/boinc/modules/boincuser/boincuser.module
+++ b/drupal/sites/default/boinc/modules/boincuser/boincuser.module
@ -1223,28 +1223,34 @@ function boincuser_control($uid = NULL, $action = NULL) {
  }
  switch ($action) {
  case 'ban':
-    $penalty_period = variable_get('boinc_penalty_period', 7*24*60*60);
-    $boincuser_record = array(
-      'uid' => $uid,
-      'penalty_expiration' => time() + $penalty_period,
-    );
-    drupal_write_record('boincuser', $boincuser_record, 'uid');
-    $community_role = array_search('community member', user_roles(true));
-    if (isset($account->roles[$community_role])) {
-      unset($account->roles[$community_role]);
-      user_save($account, array('roles' => $account->roles));
+    if (user_access('assign community member role')
+    OR user_access('assign all roles')) {
+      $penalty_period = variable_get('boinc_penalty_period', 7*24*60*60);
+      $boincuser_record = array(
+        'uid' => $uid,
+        'penalty_expiration' => time() + $penalty_period,
+      );
+      drupal_write_record('boincuser', $boincuser_record, 'uid');
+      $community_role = array_search('community member', user_roles(true));
+      if (isset($account->roles[$community_role])) {
+        unset($account->roles[$community_role]);
+        user_save($account, array('roles' => $account->roles));
+      }
    }
    break;
  case 'lift-ban':
-    $boincuser_record = array(
-      'uid' => $uid,
-      'penalty_expiration' => 0,
-    );
-    drupal_write_record('boincuser', $boincuser_record, 'uid');
-    $community_role = array_search('community member', user_roles(true));
-    if (!isset($account->roles[$community_role])) {
-      $account->roles[$community_role] = 'community member';
-      user_save($account, array('roles' => $account->roles));
+    if (user_access('assign community member role')
+    OR user_access('assign all roles')) {
+      $boincuser_record = array(
+        'uid' => $uid,
+        'penalty_expiration' => 0,
+      );
+      drupal_write_record('boincuser', $boincuser_record, 'uid');
+      $community_role = array_search('community member', user_roles(true));
+      if (!isset($account->roles[$community_role])) {
+        $account->roles[$community_role] = 'community member';
+        user_save($account, array('roles' => $account->roles));
+      }
    }
    break;
  default: