User: Control changes in roles to avoid switching to students if it still has responsibilities as hiher-privilege role - refs #5840 (#6244)

christianbeeznest · web-flow · commit 7b06bd8d2536 · 2025-07-11T13:40:32.000+02:00
Author: @christianbeeznest
diff --git a/public/main/admin/user_edit.php b/public/main/admin/user_edit.php
@@ -441,7 +441,7 @@ function confirmation(name) {
         $lastname = $user['lastname'];
         $firstname = $user['firstname'];
         $password = $user['password'];
-        $auth_source = $user['auth_source'] ?? $userInfo['auth_source'];
+        $auth_source = $user['auth_source'] ?? ($userInfo['auth_source'] ?? []);
         $official_code = $user['official_code'];
         $email = $user['email'];
         $phone = $user['phone'];
@@ -474,6 +474,50 @@ function confirmation(name) {
 
         $template = $user['email_template_option'] ?? [];
 
+        $incompatible = false;
+        $conflicts = [];
+        $oldStatus = $userObj->getStatus();
+        $newStatus = (int) $user['status'];
+        if ($oldStatus !== $newStatus) {
+            $isNowStudent = $newStatus === STUDENT;
+            if ($isNowStudent) {
+                $courseTeacherCount = $userObj->getCourses()->count();
+                $coachSessions = $userObj->getSessionsAsGeneralCoach();
+                $adminSessions = $userObj->getSessionsAsAdmin();
+
+                if ($courseTeacherCount > 0) {
+                    $conflicts[] = get_lang('User is teacher in some courses');
+                }
+
+                if (!empty($coachSessions)) {
+                    $conflicts[] = get_lang('User is general coach in some sessions');
+                }
+
+                if (!empty($adminSessions)) {
+                    $conflicts[] = get_lang('User is session admin in some sessions');
+                }
+
+                if (!empty($conflicts)) {
+                    $incompatible = true;
+                }
+            }
+        }
+        if ($incompatible) {
+            $conflictMessage = Display::return_message(
+                get_lang('Role change denied due to incompatible current assignments:').'<br>- '.implode('<br>- ', $conflicts),
+                'error',
+                false
+            );
+
+            $content = $conflictMessage;
+            $content .= $form->returnForm();
+
+            $tpl = new Template($tool_name);
+            $tpl->assign('content', $content);
+            $tpl->display_one_col_template();
+            exit;
+        }
+
         UserManager::update_user(
             $user_id,
             $firstname,
