Allow login-as for admin members, protect only super admin (member_srl=4)

Changed the restriction so admins can login as other admin accounts,
but member_srl 4 (super admin) is protected from impersonation.

Co-authored-by: Lastorder-DC <18280396+Lastorder-DC@users.noreply.github.com>

modules/member/member.admin.controller.php

@@ -1829,13 +1829,14 @@ class MemberAdminController extends Member
 			throw new Rhymix\Framework\Exceptions\InvalidRequest;
 		}
 
-		// Do not allow login as another admin
+		// Do not allow login as the super admin (member_srl = 4)
-		if($member_info->is_admin === 'Y')
+		if(intval($member_info->member_srl) === 4)
 		{
 			throw new Rhymix\Framework\Exceptions\NotPermitted;
 		}
 
 		// Perform login as the target member
+		// Session::login() sets the basic session variables, and setSessionInfo() populates Context with member details
 		Rhymix\Framework\Session::login($member_info->member_srl);
 		$oMemberController = getController('member');
 		$oMemberController->setSessionInfo();

modules/member/tpl/member_list.html

@@ -99,7 +99,7 @@
 				<td class="rx_detail_marks">{$member_info['group_list']}&nbsp;</td>
 				<td class="nowr">
 					<a href="{getUrl('', 'module', 'admin', 'act', 'dispMemberAdminInsert', 'member_srl', $member_info['member_srl'])}">{$lang->inquiry}/{$lang->cmd_modify}</a>
-					<!--@if($member_info['is_admin'] != 'Y')-->
+					<!--@if($member_info['member_srl'] != 4)-->
 					<a href="#" class="_login_as" data-member-srl="{$member_info['member_srl']}">{$lang->cmd_login_as}</a>
 					<!--@end-->
 				</td>