Move the option that controls if a user can accept RPC calls out of the global ACL and into a more findable location in the Edit User page

acl/edit_user.cgi

@@ -42,6 +42,11 @@ else {
 				      : $text{'edit_title2'}, "");
 	}
 my $me = &get_user($base_remote_user);
+my %uaccess = &get_module_acl($in{'user'} || "", "", 1);
+if (!$in{'user'} && $uaccess{'rpc'} == 2) {
+	# Don't offer the confusing 'root' or 'admin' RPC option by default
+	$uaccess{'rpc'} = 0;
+	}
 
 # Give up if readonly
 if ($user{'readonly'} && !$in{'readwrite'}) {
@@ -363,6 +368,15 @@ elsif ($miniserv{'twofactor_provider'}) {
 		&ui_submit($text{'edit_twofactoradd'}, "twofactor"));
 	}
 
+# Can accept RPC calls?
+if ($access{'acl'} && !$safe) {
+	print &ui_table_row($text{'acl_rpc'},
+		&ui_radio("rpc", int($uaccess{'rpc'}),
+			  [ [ 1, $text{'acl_rpc1'} ],
+			    $uaccess{'rpc'} == 2 ? ( [ 2, $text{'acl_rpc2'} ] ) : ( ),
+			    [ 0, $text{'acl_rpc0'} ] ]));
+	}
+
 print &ui_hidden_table_end("security");
 
 # Work out which modules can be selected
@@ -445,8 +459,6 @@ my $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
 if ($access{'acl'} && !$groupglobal && !$safe) {
 	print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
 				     "global", 0, [ "width=30%" ]);
-	my %uaccess;
-	%uaccess = &get_module_acl($in{'user'} || "", "", 1);
 	print &ui_hidden("acl_security_form", 1);
 	&foreign_require("", "acl_security.pl");
 	&foreign_call("", "acl_security_form", \%uaccess);

acl/save_user.cgi

@@ -370,10 +370,12 @@ else {
 
 my $aclfile = "$config_directory/$in{'name'}.acl";
 if ($in{'acl_security_form'} && !$newgroup && !$in{'safe'}) {
-	# Update user's global ACL
+	# Update user's global ACL, and merge in RPC setting which has
+	# been moved out of this form
 	&foreign_require("", "acl_security.pl");
 	my %uaccess;
 	&foreign_call("", "acl_security_save", \%uaccess, \%in);
+	$uaccess{'rpc'} = $in{'rpc'};
 	&lock_file($aclfile);
 	&save_module_acl(\%uaccess, $in{'name'}, "", 1);
 	&set_ownership_permissions(undef, undef, 0640, $aclfile);

acl_security.pl

@@ -77,13 +77,6 @@ print &ui_table_row($text{'acl_gedit'},
 
 print &ui_table_hr();
 
-# Can accept RPC calls?
-print &ui_table_row($text{'acl_rpc'},
-	&ui_radio("rpc", int($o->{'rpc'}),
-		  [ [ 1, $text{'acl_rpc1'} ],
-		    $o->{'rpc'} == 2 ? ( [ 2, $text{'acl_rpc2'} ] ) : ( ),
-		    [ 0, $text{'acl_rpc0'} ] ]));
-
 # Get new permissions?
 print &ui_table_row($text{'acl_negative'},
 	&ui_radio("negative", int($o->{'negative'}),
@@ -122,7 +115,6 @@ $o->{'gedit'} = $in{'gedit_mode'} == 2 ? $in{'gedit_can'} :
 		   $in{'gedit_mode'} == 3 ? $in{'gedit_cannot'} :
 		   $in{'gedit_mode'} == 4 ? $in{'gedit_gid'} : "";
 $o->{'gedit2'} = $in{'gedit_mode'} == 4 ? $in{'gedit_gid2'} : undef;
-$o->{'rpc'} = $in{'rpc'};
 $o->{'negative'} = $in{'negative'};
 $o->{'readonly'} = $in{'readonly'};
 $o->{'fileunix'} = $in{'fileunix_def'} ? undef : $in{'fileunix'};