FS#1728, ensure create user correctly checks field modification 'canDo'

Ignore-this: e4d974b5e09e45861a5e463784c6b946

darcs-hash:20091004115740-f07c6-46e15fc4f69949530690400fcb0698b9b7a0e350.gz

1 files changed, 34 insertions, 7 deletions

diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 1975dc6c9..26ee95093 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -358,16 +358,43 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 
         list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
         if (empty($user)) return false;
-        if (empty($pass)){
-          if(!empty($_REQUEST['usernotify'])){
-            $pass = auth_pwgen();
-          } else {
+
+        if ($this->_auth->canDo('modPass')){
+          if (empty($pass)){
+            if(!empty($_REQUEST['usernotify'])){
+              $pass = auth_pwgen();
+            } else {
+              msg($this->lang['add_fail'], -1);
+              return false;
+            }
+          } 
+        } else {
+          if (!empty($pass)){
+            msg($this->lang['add_fail'], -1);
             return false;
           }
         }
-        if (empty($name) || empty($mail)){
-          msg($this->lang['add_fail'], -1);
-          return false;
+
+        if ($this->_auth->canDo('modName')){
+          if (empty($name)){
+            msg($this->lang['add_fail'], -1);
+            return false;
+          }
+        } else {
+          if (!empty($name)){
+            return false;
+          }
+        }
+
+        if ($this->_auth->canDo('modMail')){
+          if (empty($mail)){
+            msg($this->lang['add_fail'], -1);
+            return false;
+          }
+        } else {
+          if (!empty($mail)){
+          	return false;
+          }
         }
 
         if ($ok = $this->_auth->triggerUserMod('create', array($user,$pass,$name,$mail,$grps))) {