Anonymous | Login | Signup for a new account | 2024-05-02 19:39 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0000014 | [In-Portal CMS] Security | bug report | always | 2009-05-18 10:48 | 2010-07-22 15:06 |
Reporter | alex | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | closed | ||||
Summary | 0000014: Check ADD/EDIT Permissions in Section drop-down | ||||
Description |
Check for ADD/EDIT Permissions in Section drop-down on General tab of Add/Edit items. Currently you can add/edit to Section that you have no permissions to add/edit. |
||||
Additional Information |
Implementation Steps: 1. Create NEW tag to glue (using "-") together all values from following SQL: SELECT * FROM Permissions WHERE (Type = 0) AND (Permission LIKE '%.VIEW' OR Permission LIKE '%.ADD' OR Permission LIKE '%.DELETE' OR Permission LIKE '%.MODIFY') 2. Get Groups of current User. 3. Create array keys for (for each group) which will be checked in generated above array. 4. Check ADD permissions to Add a new item, Check MODIFY permission to Edit an item. First part of permissions (LINK, NEWS, и etc) get by Prefix from unit config: ItemPermPrefix option. 5. After all checked we know list of Sections where User can Add/Edit items. 6. Using JSONHelper output that Array as a Tag result. 7. At the bottom of template using JQuery go through all <SELECT> Options of ParentId/CategoryId field and DISABLE the ones that do NOT have permissions from the above Array. |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |