From d321f63cca8ac087adaec0bf831f08676b8ed187 Mon Sep 17 00:00:00 2001
From: Adam Zammit <adam.zammit@acspri.org.au>
Date: Wed, 2 Sep 2015 13:37:46 +1000
Subject: [PATCH] Link settings option to operator editing Initial user always
 to have superadmin rights (otherwise may lose access to system)

---
 admin/index.php        | 13 +++++++++++--
 admin/operatorlist.php | 10 ++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/admin/index.php b/admin/index.php
index 239dfa79..d80bf66c 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -43,7 +43,16 @@ include ("../config.inc.php");
  */
 include ("auth-admin.php");
 
- include ("../functions/functions.xhtml.php");
+/*
+ * XHTML file
+ */
+include ("../functions/functions.xhtml.php");
+
+/*
+ * Operator functions
+ */
+include ("../functions/functions.operator.php");
+
  $username = $_SESSION['user'];
  $g = 0;
  if (isset($_GET['g'])) 
@@ -81,7 +90,7 @@ include ("auth-admin.php");
             </a>
 			<!--- User menu // not connected to pages so not working yet //  could be hidden -->
        <ul class="dropdown-menu" role="menu">
-              <li><a href="../include/limesurvey/admin/admin.php?action=editusers"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
+              <li><a href="?g=5&amp;page=operatorlist.php?edit=<?php print get_operator_id(); ?>"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
 <!---			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li> -->
               <li><a href="../include/limesurvey/admin/admin.php?action=logout"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
             </ul> 
diff --git a/admin/operatorlist.php b/admin/operatorlist.php
index 972becac..42ee50b2 100644
--- a/admin/operatorlist.php
+++ b/admin/operatorlist.php
@@ -55,10 +55,11 @@ $msg = "";
 if (isset($_POST['submit']))
 {
 	$operator_id = intval($_POST['operator_id']);
-	$chat_enable = $voip = $enabled = 0;
+  $superadmin = $chat_enable = $voip = $enabled = 0;
 	if (isset($_POST['voip'])) $voip = 1;
 	if (isset($_POST['chat_enable'])) $chat_enable = 1;
 	if (isset($_POST['enabled'])) $enabled = 1;
+	if (isset($_POST['admin'])) $superadmin = 1;
 
   //get username
   $sql = "SELECT username
@@ -70,7 +71,8 @@ if (isset($_POST['submit']))
   $sql = "UPDATE " . LIME_PREFIX . "users 
           SET users_name = " . $db->qstr($_POST['username']) . ",
           email = " . $db->qstr($_POST['email']) . ",
-          full_name = " . $db->qstr($_POST['firstName']);
+          full_name = " . $db->qstr($_POST['firstName']) . ",
+          superadmin = $superadmin";
 
   if (!empty($_POST['password']))
   {
@@ -143,7 +145,7 @@ if (isset($_GET['edit']))
 
 	$operator_id = intval($_GET['edit']);
 
-	$sql = "SELECT o.*,l.superadmin,l.email
+	$sql = "SELECT o.*,l.superadmin,l.email,l.parent_id
 		FROM operator as o, " . LIME_PREFIX ."users as l
     WHERE o.operator_id = $operator_id
     AND l.users_name = o.username";
@@ -264,7 +266,7 @@ function generate() {
   </div>
 	<div class="form-group">
 		<label for="admin" class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
-    <div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger" <?php if ($rs['superadmin']) echo "checked=\"checked\""; ?> value="1"/></div>
+    <div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger" <?php if ($rs['superadmin'] || ($rs['parent_id'] == 0)) echo " checked=\"checked\" "; if ($rs['parent_id'] == 0) echo " disabled=\"disabled\" "; ?> value="1"/></div>
 	</div>
 	<div class="form-group">
 		<label for="chat_enable" class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>