X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttUserHelper.class.php;h=e70f085b1c2794550f1f7d6507d660cd48e4fd46;hb=5a989e29aed5ad95f7b4a4082a2d88b924523968;hp=f88f195d0c3536f2a358f8bfa6558fa7372e585d;hpb=f1c11908a996c1a0d9582ef6d32490e5ce15f02d;p=timetracker.git

diff --git a/WEB-INF/lib/ttUserHelper.class.php b/WEB-INF/lib/ttUserHelper.class.php
index f88f195d..e70f085b 100644
--- a/WEB-INF/lib/ttUserHelper.class.php
+++ b/WEB-INF/lib/ttUserHelper.class.php
@@ -167,11 +167,15 @@ class ttUserHelper {
     // Prepare query parts.
     if (isset($fields['password']))
       $pass_part = ', password = md5('.$mdb2->quote($fields['password']).')';
-    if (right_assign_roles & $user->rights) {
+    if (in_array('manage_users', $user->rights)) {
       if (isset($fields['role'])) {
         $role = (int) $fields['role'];
         $role_part = ", role = $role";
       }
+      if (isset($fields['role_id'])) {
+        $role_id = (int) $fields['role_id'];
+        $role_id_part = ", role_id = $role_id";
+      }
       if (array_key_exists('client_id', $fields)) // Could be NULL.
         $client_part = ", client_id = ".$mdb2->quote($fields['client_id']);
     }
@@ -189,7 +193,7 @@ class ttUserHelper {
 
     $sql = "update tt_users set login = ".$mdb2->quote($fields['login']).
       "$pass_part, name = ".$mdb2->quote($fields['name']).
-      "$role_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']).
+      "$role_part $role_id_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']).
       " where id = $user_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) return false;