Resolves #2190 Customer: Only administrators should be allowed to modify customers who are administrators

Author: Marcel Schmidt

src/Libraries/SmartStore.Data/Migrations/MigrationsConfiguration.cs

@@ -116,6 +116,10 @@ public void MigrateLocaleResources(LocaleResourcesBuilder builder)
 
             builder.AddOrUpdate("Admin.Configuration.Settings.GeneralCommon.DisplayAllows", "Show items for 'Allow'", "Einträge für 'Allow' anzeigen");
             builder.AddOrUpdate("Admin.Configuration.Settings.GeneralCommon.DisplayDisallows", "Show items for 'Disallow'", "Einträge für 'Disallow' anzeigen");
+           
+            builder.AddOrUpdate("Admin.Customers.CustomerRoles.OnlyAdminsAllowed",
+                "You do not have administrator rights, therefore you are not allowed to modify administrators.",
+                "Sie verfügen über keine Administratorenrechte, daher dürfen Sie Administratoren nicht modifzieren.");
         }
     }
 }

src/Presentation/SmartStore.Web/Administration/Controllers/CustomerController.cs

@@ -261,7 +261,7 @@ protected virtual void PrepareCustomerModelForEdit(CustomerModel model, Customer
             model.LastActivityDate = Services.DateTimeHelper.ConvertToUserTime(customer.LastActivityDateUtc, DateTimeKind.Utc);
             model.LastIpAddress = model.LastIpAddress;
             model.LastVisitedPage = customer.GetAttribute<string>(SystemCustomerAttributeNames.LastVisitedPage);
-            
+
             foreach (var tzi in Services.DateTimeHelper.GetSystemTimeZones())
             {
                 model.AvailableTimeZones.Add(new SelectListItem { Text = tzi.DisplayName, Value = tzi.Id, Selected = tzi.Id == model.TimeZoneId });
@@ -635,6 +635,12 @@ public ActionResult Edit(CustomerModel model, bool continueEditing, FormCollecti
                 return RedirectToAction("List");
             }
 
+            if (customer.IsAdmin() && !Services.WorkContext.CurrentCustomer.IsAdmin())
+            {
+                NotifyError(T("Admin.Customers.CustomerRoles.OnlyAdminsAllowed"));
+                return RedirectToAction("Edit", new { customer.Id });
+            }
+
             // Validate customer roles.
             var allowManagingCustomerRoles = Services.Permissions.Authorize(Permissions.Customer.EditRole);
 
@@ -906,11 +912,11 @@ public ActionResult Impersonate(int id)
             if (customer == null)
                 return RedirectToAction("List");
 
-            // ensure that a non-admin user cannot impersonate as an administrator
-            // otherwise, that user can simply impersonate as an administrator and gain additional administrative privileges
+            // Ensure that a non-admin user cannot impersonate as an administrator
+            // Otherwise, that user can simply impersonate as an administrator and gain additional administrative privileges
             if (!Services.WorkContext.CurrentCustomer.IsAdmin() && customer.IsAdmin())
             {
-                NotifyError("A non-admin user cannot impersonate as an administrator");
+                NotifyError(T("Admin.Customers.CustomerRoles.OnlyAdminsAllowed"));
                 return RedirectToAction("Edit", customer.Id);
             }
 
@@ -1207,7 +1213,7 @@ private void PrepareAddressModel(CustomerAddressModel model, Customer customer,
             model.Address.LastNameRequired = true;
             model.Address.EmailEnabled = true;
             model.Address.EmailRequired = true;
-            
+
             MiniMapper.Map(_addressSettings, model.Address);
 
             model.Address.AvailableCountries = _countryService.GetAllCountries(true)