From: Art Cancro <ajc@citadel.org>
Date: Tue, 7 Sep 2010 20:01:29 +0000 (-0400)
Subject: cmd_invt_kick() is normally permitted when the room namespace matches the user number... 
X-Git-Tag: v8.01~739^2~1
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=ae1b7a3a9531d8be10de6e0ea9c79230fc7afb9c

cmd_invt_kick() is normally permitted when the room namespace matches the user number because it means the user owns the room.  Disable this when the namespace happens to be 0.
---

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index d68d3345b..989ce41b9 100644
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1557,8 +1557,9 @@ void cmd_invt_kick(char *iuser, int op) {
 	 * These commands are only allowed by aides, room aides,
 	 * and room namespace owners
 	 */
-	if (is_room_aide()
-	   || (atol(CC->room.QRname) == CC->user.usernum) ) {
+	if (is_room_aide()) {
+		/* access granted */
+	} else if ( ((atol(CC->room.QRname) == CC->user.usernum) ) && (CC->user.usernum != 0) ) {
 		/* access granted */
 	} else {
 		/* access denied */