also prevent change username, prevent change user 1 [#454820]

I wanted to restrict some things in addition to password changes:

1- block username changes (if password and e-mail are restricted, changing username could still cause problems)

2- prevent blocking changes to admin user 1

I added some code to this module to do the above.

Here is the result, which seems to work:

(all this code is in the file restrict_password_change.module, after (about) line 27, inside the IF clause that blocks password changes)

// username cannot be changed
$form['account']['name']['#access'] = FALSE;

// prevent changing admin user
if ($form['_account']['#value']->uid == 1) {
$form['account']['#access'] = FALSE;
$form['theme_select']['#access'] = FALSE;
$form['contact']['#access'] = FALSE;
$form['submit']['#access'] = FALSE;
$form['timezone']['#access'] = FALSE;
$form['messaging']['#access'] = FALSE;
$form['delete']['#access'] = FALSE;
// block admin changes ONLY for other users - not for admin!
} // if user 1

Comment	File	Size	Author
#6	restrict_password_change_etc.patch	2.7 KB	snowmountain
#5	restrict_password_change_etc.patch	2.97 KB	snowmountain

Comments

Comment #1

snowmountain commented 6 May 2009 at 02:51

Point 2 above,

2- prevent blocking changes to admin user 1

should read

2- prevent changes to admin user 1

Comment #2

snowmountain commented 6 May 2009 at 04:05

To prevent changing the admin user, regardless of whether permission to change other user's passwords is granted or not, take the IF statment above completely outside its containing IF clause (which tests whether password change is restricted).

Comment #3

snowmountain commented 7 May 2009 at 17:12

Perhaps the change I made can be seen as different enough to go into a separate module. The original code prevents a user from GAINING access to other users' accounts; while my change prevents a user from BLOCKING legitimate access to other users' accounts.

Comment #4

jrglasgow commented 7 May 2009 at 21:48

If you will provide a patch for the module I will test and commit'

your patch should also have additional permissions using hook_perm so you could possibly have one role able to do some things and not able to do others

Comment #5

snowmountain commented 22 August 2009 at 09:25

Status	File	Size
new	restrict_password_change_etc.patch	2.97 KB

I added the permissions - and here is a patch file. It could use some testing.

Comment #6

snowmountain commented 23 August 2009 at 01:07

Status	File	Size
new	restrict_password_change_etc.patch	2.7 KB

Here is another patch - this one removes permissions about the user 1; this user cannot be changed, and for security, there is no permission to allow this.

Comment #7

jrglasgow commented 23 August 2009 at 03:25

Status:

Active

» Needs work

patch does not apply to HEAD

Comment #8

jrglasgow commented 23 August 2009 at 03:55

Status:

Needs work

» Fixed

I have manually applied the patch, and committed the changes to HEAD and released 6.x-1.2

Comment #9

6 September 2009 at 04:00

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

also prevent change username, prevent change user 1

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

News items

Our community

Documentation

Drupal code base

Governance of community