Only __public__ can be anonymous

2020-08-18 17:53:18 +02:00 · 2020-08-18 17:53:18 +02:00 · 27d9bd6a70
parent b94d66bfc0
commit 27d9bd6a70
2 changed files with 9 additions and 0 deletions
--- a/src/lang/en_US.lang.php
+++ b/src/lang/en_US.lang.php
@ -152,6 +152,7 @@ $sm_lang = array(
        'error_user_password_invalid' => 'The entered password is invalid.',
        'error_user_password_no_match' => 'The entered passwords do not match.',
        'error_user_admin_cant_be_deleted' => 'You can\'t remove the last administrator.',
+        'error_user_cant_be_anonymous' => 'Only user \'__public__\' can have the level anonymous.'
    ),
    'log' => array(
        'title' => 'Log entries',
--- a/src/psm/Module/User/Controller/UserController.php
+++ b/src/psm/Module/User/Controller/UserController.php
@ -274,6 +274,14 @@ class UserController extends AbstractController
            $user_validator->username($clean['user_name'], $user_id);
            $user_validator->email($clean['email']);
            $user_validator->level($clean['level']);
+            
+            // Won't allow anonymous level for users other than __PUBLIC__
+            if ($clean['user_name'] !== "__PUBLIC__" && (int) $clean['level'] === (int) PSM_USER_ANONYMOUS) {
+                $this->addMessage(psm_get_lang('users', 'error_user_cant_be_anonymous'), 'error');
+                $clean['level'] = PSM_USER_USER;
+            }
+
+            // Won't allow removing the last admin
            if (
                count($this->db->select(PSM_DB_PREFIX . 'users', array('level' => PSM_USER_ADMIN))) == 1 &&
                    $this->getUser()->getUserLevel() == PSM_USER_ADMIN