search

chnm / thatcamp-registrations

Easily create an event registration on your multisite-enabled WordPress instance.
http://thatcamp.org
GNU General Public License v3.0
7 stars 3 forks source link

Strips admins of admin privileges when testing with their own e-mail #24

Closed amandafrench closed 11 years ago

amandafrench commented 12 years ago

Apparently the plugin changes administrators to authors when they test it by submitting the registration form using their own e-mail address; the plugin should not allow the site's administrators to test the plugin with their admin e-mail address.

boonebgorges commented 12 years ago

OK, I've done three things: 1) When registrations are managed (approved, rejected, etc) from the Dashboard panel, do a check of the user's status before setting role to Author. If the user being modified is an Administrator, it skips this step. (For all Administrators. Let me know if you want this changed so that it only blocks the main Administrator, admin_email, from being changed.) 2) When you try to register using the admin_email, you get an error thrown at you. Fixing #42 will obviate this point anyway. 3) I removed the "beware the bug" message from the admin panel, since it's fixed.

Test it out.

amandafrench commented 12 years ago

Seems to work great, thanks!

amandafrench commented 11 years ago

Poor Lee, administering http://2011.thatcampgames.org, had his admin privileges demoted to author when testing with his own email address. Perhaps one of the fixes for #19 reintroduced this problem?

amandafrench commented 11 years ago

I think, by the way, that he was not the site administrator: he just had admin privileges. Ideally the plugin should never change the role of existing users on the site, but especially not demote them from admin to author.

boonebgorges commented 11 years ago

Ideally the plugin should never change the role of existing users on the site

What about applications that are accepted and then rejected?

he was not the site administrator: he just had admin privileges

This is the problem; my fix in 9baac2a does not account for it. I'll make a modification when I get a chance. In the meantime, please encourage people to use a different technique than testing with their own email addresses.

amandafrench commented 11 years ago

Um, "never" was too strong a word, sorry. In that case, yes, the user's role should be changed. It'd be more than sufficient to prevent existing users with admin capabilities from having their role changed when a registration is Approved. No rush -- Lee won't do it again, I'm sure, and his is the only active external THATCamp site at the moment.

boonebgorges commented 11 years ago

I put in a check that prevents users from registering (or testing registration) with an admin's email address.

amandafrench commented 11 years ago

Great -- I tested it on a standalone site, too, and it works. Thanks.