Closed e11s closed 10 years ago
When non-admins are changing their role, instead of posting one of the role ids available on the page, they can post the role id of admin role - this assigns them an admin role.
Added a check not to allow non-admins to assign admin roles.
When non-admins are changing their role, instead of posting one of the role ids available on the page, they can post the role id of admin role - this assigns them an admin role.
Added a check not to allow non-admins to assign admin roles.