Allow global permissions to be set for new users

2026-06-05 04:40:24 +01:00 · 2026-05-15 16:43:29 -07:00
parent 8159fad28f
commit dd4e3e22ef
3 changed files with 9 additions and 7 deletions
--- a/acl/edit_user.cgi
+++ b/acl/edit_user.cgi
@@ -450,11 +450,11 @@ print &ui_hidden_table_end("mods");

 # Add global ACL section, but only if not set from the group
 my $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
-if ($access{'acl'} && !$groupglobal && $in{'user'} && !$safe) {
+if ($access{'acl'} && !$groupglobal && !$safe) {
 	print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
 				     "global", 0, [ "width=30%" ]);
 	my %uaccess;
-	%uaccess = &get_module_acl($in{'user'}, "", 1);
+	%uaccess = &get_module_acl($in{'user'} || "", "", 1);
 	print &ui_hidden("acl_security_form", 1);
 	&foreign_require("", "acl_security.pl");
 	&foreign_call("", "acl_security_form", \%uaccess);
--- a/acl/save_user.cgi
+++ b/acl/save_user.cgi
@@ -374,7 +374,7 @@ else {
 	}

 my $aclfile = "$config_directory/$in{'name'}.acl";
-if ($in{'old'} && $in{'acl_security_form'} && !$newgroup && !$in{'safe'}) {
+if ($in{'acl_security_form'} && !$newgroup && !$in{'safe'}) {
 	# Update user's global ACL
 	&foreign_require("", "acl_security.pl");
 	my %uaccess;
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -4819,10 +4819,12 @@ if (!$nodef) {

 	# If this isn't a master admin user, apply the negative permissions
 	# so that he doesn't un-expectedly gain access to new features
-	my %gacccess;
-	&read_file_cached("$config_directory/$u.acl", \%gaccess);
-	if ($gaccess{'negative'}) {
-		&read_file_cached("$mdir/negativeacl", \%rv);
+	if ($u ne '') {
+		my %gacccess;
+		&read_file_cached("$config_directory/$u.acl", \%gaccess);
+		if ($gaccess{'negative'}) {
+			&read_file_cached("$mdir/negativeacl", \%rv);
+			}
 		}
 	}
 my %usersacl;