In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Dependency Graph

[ View Issue ] [ Relation Graph ] [ Vertical ]

Viewing Issue Simple Details
ID	Category	Type	Reproducibility	Date Submitted	Last Update
0000014	[In-Portal CMS] Security	bug report	always	2009-05-18 10:48	2010-07-22 15:06

Reporter	alex	View Status	public
Assigned To	alex
Priority	normal	Resolution	fixed
Status	closed

Summary	0000014: Check ADD/EDIT Permissions in Section drop-down
Description	Check for ADD/EDIT Permissions in Section drop-down on General tab of Add/Edit items. Currently you can add/edit to Section that you have no permissions to add/edit.
Additional Information	Implementation Steps: 1. Create NEW tag to glue (using "-") together all values from following SQL: SELECT * FROM Permissions WHERE (Type = 0) AND (Permission LIKE '%.VIEW' OR Permission LIKE '%.ADD' OR Permission LIKE '%.DELETE' OR Permission LIKE '%.MODIFY') 2. Get Groups of current User. 3. Create array keys for (for each group) which will be checked in generated above array. 4. Check ADD permissions to Add a new item, Check MODIFY permission to Edit an item. First part of permissions (LINK, NEWS, и etc) get by Prefix from unit config: ItemPermPrefix option. 5. After all checked we know list of Sections where User can Add/Edit items. 6. Using JSONHelper output that Array as a Tag result. 7. At the bottom of template using JQuery go through all <SELECT> Options of ParentId/CategoryId field and DISABLE the ones that do NOT have permissions from the above Array.