Show the root user configuration to any superadmin when enabeld (joom…

…la#18135) * show the root user configuration to any superadmin when enabeld * Change text (#36) Change text to be consistent with documentation * Revert "Change text (#36)" (#37) This reverts commit 78b8bed.
brianteeman · Oct 5, 2017 · 4040b20 · 4040b20
1 parent 44059a5
commit 4040b20
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 10 deletions.
diff --git a/administrator/language/en-GB/en-GB.ini b/administrator/language/en-GB/en-GB.ini
@@ -949,7 +949,8 @@ JWARNING_ARCHIVE_MUST_SELECT="You must select at least one item to archive."
 JWARNING_UNPUBLISH_MUST_SELECT="You must select at least one item to unpublish."
 JWARNING_TRASH_MUST_SELECT="You must select at least one item to remove."
 JWARNING_DELETE_MUST_SELECT="You must select at least one item to permanently delete."
-JWARNING_REMOVE_ROOT_USER="You are logged-in using the emergency Root User setting in configuration.php.<br />You should remove $root_user from configuration.php as soon as you have restored control to your site to avoid future security breaches.<br /><a href='%s'>Select here to try to do it automatically.</a>"
+JWARNING_REMOVE_ROOT_USER="You are logged-in using the emergency Root User setting in configuration.php.<br />You should remove $root_user from the configuration.php as soon as you have restored control to your site to avoid future security breaches.<br /><a href='%s'>Select here to try to do it automatically.</a>"
+JWARNING_REMOVE_ROOT_USER_ADMIN="The emergency Root User setting is currently enabled for the user(id): %s.<br />You should remove $root_user from the configuration.php as soon as you have restored control to your site to avoid future security breaches.<br /><a href='%s'>Select here to try to do it automatically.</a>"
 
 ; Date format
 

diff --git a/libraries/src/Application/AdministratorApplication.php b/libraries/src/Application/AdministratorApplication.php
@@ -421,16 +421,30 @@ protected function render()
 		// Safety check for when configuration.php root_user is in use.
 		$rootUser = $this->get('root_user');
 
-		if (property_exists('\JConfig', 'root_user')
-			&& (\JFactory::getUser()->get('username') === $rootUser || \JFactory::getUser()->id === (string) $rootUser))
+		if (property_exists('\JConfig', 'root_user'))
 		{
-			$this->enqueueMessage(
-				\JText::sprintf(
-					'JWARNING_REMOVE_ROOT_USER',
-					'index.php?option=com_config&task=config.removeroot&' . \JSession::getFormToken() . '=1'
-				),
-				'notice'
-			);
+			if (\JFactory::getUser()->get('username') === $rootUser || \JFactory::getUser()->id === (string) $rootUser)
+			{
+				$this->enqueueMessage(
+					\JText::sprintf(
+						'JWARNING_REMOVE_ROOT_USER',
+						'index.php?option=com_config&task=config.removeroot&' . \JSession::getFormToken() . '=1'
+					),
+					'error'
+				);
+			}
+			// Show this message to superusers too
+			elseif (\JFactory::getUser()->authorise('core.admin'))
+			{
+				$this->enqueueMessage(
+					\JText::sprintf(
+						'JWARNING_REMOVE_ROOT_USER_ADMIN',
+						$rootUser,
+						'index.php?option=com_config&task=config.removeroot&' . \JSession::getFormToken() . '=1'
+					),
+					'error'
+				);
+			}
 		}
 
 		parent::render();