adding system_usernames config value

2 files changed, 23 insertions, 0 deletions

diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 858dbbb9a..5a3a1059b 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -1158,6 +1158,12 @@ httemplate/docs/config.html
     'type'        => 'checkbox',
   },
 
+  {
+    'key'         => 'system_usernames'
+    'section'     => 'username',
+    'description' => 'A list of system usernames that cannot be edited or removed, one per line.  Use a bare username to prohibit modification/deletion of the username in any domain, or username@domain to prohibit modification/deletetion of a specific username and domain.',
+    'type'        => 'textarea',
+  },
 );
 
 1;
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 20ad1a623..e7812bfe5 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -436,6 +436,8 @@ sub delete {
       if $self->uid && qsearch( 'svc_acct_sm', { 'domuid' => $self->uid } );
   }
 
+  return "can't delete system account" if $self->_check_system;
+
   return "Can't delete an account which is a (svc_forward) source!"
     if qsearch( 'svc_forward', { 'srcsvc' => $self->svcnum } );
 
@@ -524,6 +526,8 @@ sub replace {
   my $error;
   warn "$me replacing $old with $new\n" if $DEBUG;
 
+  return "can't modify system account" if $old->_check_system;
+
   return "Username in use"
     if $old->username ne $new->username &&
       qsearchs( 'svc_acct', { 'username' => $new->username,
@@ -625,6 +629,7 @@ Calls any export-specific suspend hooks.
 
 sub suspend {
   my $self = shift;
+  return "can't suspend system account" if $self->_check_system;
   my %hash = $self->hash;
   unless ( $hash{_password} =~ /^\*SUSPENDED\* /
            || $hash{_password} eq '*'
@@ -852,6 +857,18 @@ sub check {
   ''; #no error
 }
 
+=item _check_system
+ 
+=cut
+ 
+sub _check_system {
+  my $self = shift;
+  scalar( grep { $self->username eq $_ || $self->email eq $_ }
+               $conf->config('system_usernames')
+        );
+}
+
+
 =item radius
 
 Depriciated, use radius_reply instead.