From 873e99c49f25e12776e7029b5b5d4ecd1949e27c Mon Sep 17 00:00:00 2001
From: Tom Clegg
Date: Mon, 28 Jan 2013 13:01:10 -0800
Subject: [PATCH] add some admin privileges to make bootstrapping possible

---
 app/models/orvos_model.rb | 2 ++
 app/models/user.rb | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb
index 6601216980..74f77b10ac 100644
--- a/app/models/orvos_model.rb
+++ b/app/models/orvos_model.rb
@@ -32,12 +32,14 @@ class OrvosModel < ActiveRecord::Base
 def permission_to_update
 return false unless current_user
+ return true if current_user.is_admin
 if self.owner_changed? and
 self.owner_was != current_user.uuid and
 0 == Link.where(link_class: 'permission',
 name: 'can_pillage',
 tail_uuid: self.owner,
 head_uuid: current_user.uuid).count
+ logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner}"
 return false
 end
 self.owner == current_user.uuid or
diff --git a/app/models/user.rb b/app/models/user.rb
index a09a44756a..08663f61d5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,9 +23,10 @@ class User < OrvosModel
 protected
 def prevent_privilege_escalation
- if self.is_admin_changed?
+ if self.is_admin_changed? and !current_user.is_admin
 if current_user.uuid == self.uuid
 if self.is_admin != self.is_admin_was
+ logger.warn "User #{self.uuid} tried to change is_admin from #{self.is_admin_was} to #{self.is_admin}"
 self.is_admin = self.is_admin_was
 end
 end
--
2.30.2
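Review bot: The new `return true if current_user.is_admin` in `permission_to_update` runs before the owner-change check, so an admin can rewrite or re-own any record without leaving a log line, while only the refused non-admin attempt is recorded by the added `logger.warn`. Admin overrides are the writes an investigator will want to see later; log them ahead of the early return, for example `logger.info "Admin #{current_user.uuid} updating #{self.class} #{self.uuid}" if self.owner_was != current_user.uuid`. The warning also interpolates `self.owner`, which here is the requested new value and presumably comes from the caller; writing `#{self.owner.inspect}` keeps an embedded newline from forging a separate log entry. `permission_to_update` continues past the end of the hunk.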
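Review bot: A non-admin who changes `is_admin` on someone else's record is not stopped by `prevent_privilege_escalation`: the revert still sits inside `if current_user.uuid == self.uuid`, so it only fires for self-edits. Whether such an update can be reached depends on `permission_to_update` (ownership or a permission link), but this callback should not rely on that; drop the two inner `if`s so that `self.is_admin = self.is_admin_was` runs whenever the outer condition holds, and log the acting user's uuid rather than `self.uuid`. The outer condition also dereferences `current_user` without the nil guard that `permission_to_update` uses; `if self.is_admin_changed? and !(current_user and current_user.is_admin)` fails closed when no user is set.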