-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 10 | ||||
-rw-r--r-- | templates/web/base/admin/user-form.html | 49 |
2 files changed, 40 insertions, 19 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 91af480a8..ce2a653a2 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1148,10 +1148,18 @@ sub user_edit : Path('user_edit') : Args(1) {
 $user->name( $c->get_param('name') );
 $user->email( $c->get_param('email') );
 $user->phone( $c->get_param('phone') ) if $c->get_param('phone');
- $user->from_body( $c->get_param('body') || undef );
 $user->flagged( $c->get_param('flagged') || 0 );
 # Only superusers can grant superuser status
 $user->is_superuser( ( $c->user->is_superuser && $c->get_param('is_superuser') ) || 0 );
+ # Superusers can set from_body to any value, but other staff can only
+ # set from_body to the same value as their own from_body.
+ if ($c->user->is_superuser) {
+ $user->from_body( $c->get_param('body') || undef );
+ } elsif ($c->get_param('body') eq $c->user->from_body->id) {
+ $user->from_body( $c->user->from_body );
+ } else {
+ $user->from_body( undef );
+ }
 
 unless ($user->email) {
 $c->stash->{field_errors}->{email} = _('Please enter a valid email');
diff --git a/templates/web/base/admin/user-form.html b/templates/web/base/admin/user-form.html
index 2942494a7..96a51486b 100644
--- a/templates/web/base/admin/user-form.html
+++ b/templates/web/base/admin/user-form.html
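Review bot: The new `else` branch clears `from_body` for every user a non-superuser saves, not just users of the editor's own body; if a staff user of body A can open the edit form for a user of body B, the checkbox arrives unchecked (the template only pre-checks it when the ids match) and the save silently strips B's association, which is a privilege effect beyond "staff can only set their own body". Whether non-superusers can reach other bodies' users depends on the listing and authorisation code outside this hunk, but restricting the clear to the editor's own body keeps the branch safe either way. The `eq` comparison also runs on an undefined `body` parameter whenever the checkbox is unchecked, which emits an uninitialized-value warning under `use warnings`; defaulting the parameter with `//` avoids that. `user_edit` starts before and continues after this hunk.

```perl
    # Superusers can set from_body to any value, but other staff can only
    # add or remove a user from their own body; other bodies' associations
    # are left untouched.
    if ($c->user->is_superuser) {
        $user->from_body( $c->get_param('body') || undef );
    } elsif (($c->get_param('body') // '') eq $c->user->from_body->id) {
        $user->from_body( $c->user->from_body );
    } elsif ($user->from_body && $user->from_body->id == $c->user->from_body->id) {
        $user->from_body( undef );
    }
    # … unchanged: email validation …
```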
@@ -22,25 +22,38 @@
 <input type='text' id='email' name='email' value='[% user.email | html %]'></li>
 <li><label for="phone">[% loc('Phone:') %]</label>
 <input type='text' id='phone' name='phone' value='[% user.phone | html %]'></li>
- <li>
- <div class="admin-hint">
- <p>
- [% loc(
- "Normal (public) users should not be associated with any <strong>body</strong>.<br>
- Authorised staff users can be associated with the body they represent.<br>
- Depending on the implementation, staff users may have access to the dashboard (summary of
- activity across their body), the ability to hide reports or set special report statuses.")
- %]
- </p>
- </div>
- [% loc('Body:') %] <select id='body' name='body'>
- <option value=''>[% loc('No body') %]</option>
- [% FOR body IN bodies %]
- <option value="[% body.id %]"[% ' selected' IF body.id == user.from_body.id %]>[% body.name %]</option>
+
+ [% IF c.user.is_superuser %]
+ <li>
+ <div class="admin-hint">
+ <p>
+ [% loc(
+ "Normal (public) users should not be associated with any <strong>body</strong>.<br>
+ Authorised staff users can be associated with the body they represent.<br>
+ Depending on the implementation, staff users may have access to the dashboard (summary of
+ activity across their body), the ability to hide reports or set special report statuses.")
+ %]
+ </p>
+ </div>
+ [% loc('Body:') %] <select id='body' name='body'>
+ <option value=''>[% loc('No body') %]</option>
+ [% FOR body IN bodies %]
+ <option value="[% body.id %]"[% ' selected' IF body.id == user.from_body.id %]>[% body.name %]</option>
+ [% END %]
+ </select>
+ [% IF user.from_body AND user.has_permission_to('moderate', user.from_body.id) %]*[% END %]
+ </li>
+ [% ELSE %]
+ <li>
+ <div class="admin-hint">
+ <p>
+ [% loc("Staff users have permission to log in to the admin.") %]
+ </p>
+ </div>
+ [% loc('Staff:') %] <input type="checkbox" id="body" name="body" value="[% c.user.from_body.id %]" [% user.from_body.id == c.user.from_body.id ? 
' checked' : '' %]> + </li> [% END %] - </select> - [% IF user.from_body AND user.has_permission_to('moderate', user.from_body.id) %]*[% END %] - </li> + [% IF c.cobrand.moniker != 'zurich' %] <li> <div class="admin-hint"> |