From 3b4b79d99f8795a26c38b843ca822f38e27ddc23 Mon Sep 17 00:00:00 2001
From: =Corey Hulen <corey@hulen.com>
Date: Tue, 6 Oct 2015 10:50:38 -0700
Subject: Adding checkout for system admin role

---
 api/user.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'api/user.go')

diff --git a/api/user.go b/api/user.go
index 2d7dd9ab1..78f8768a4 100644
--- a/api/user.go
+++ b/api/user.go
@@ -991,7 +991,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if model.IsInRole(new_roles, model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() {
-		c.Err = model.NewAppError("updateRoles", "The system_admin role can only be set by another system admin", "")
+		c.Err = model.NewAppError("updateRoles", "The system admin role can only be set by another system admin", "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
 	}
@@ -1014,6 +1014,12 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if user.IsInRole(model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() {
+		c.Err = model.NewAppError("updateRoles", "The system admin role can only by modified by another system admin", "")
+		c.Err.StatusCode = http.StatusForbidden
+		return
+	}
+
 	ruser := UpdateRoles(c, user, new_roles)
 	if c.Err != nil {
 		return
-- 
cgit v1.2.3-1-g7c22