Anonymous | Login | Signup for a new account | 2024-03-29 02:34 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0000075 | [In-Portal CMS] Security | feature request | N/A | 2009-06-15 01:54 | 2012-07-25 05:32 |
Reporter | alex | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | closed | ||||
Summary | 0000075: Denial permissions for "root" user | ||||
Description |
Currently permissions are checked for all users except root. When attempt is made to check permission for "root" user, then "kPermissionHelper::CheckUserPermission" method always returns "true". This all works until someone add denial type permission. When this happens, then "root" given permission will be automatically denied for him and that breaks logic, that everything is allowed to "root". To solve this problem I propose to add ":deny"/".deny" at the end of permission name. When actual permission check is made and we are checking for "root"'s user permission, then for ":deny"/".deny" at the end: if ($user_id == -1) { return substr($name, -5) == '.deny' ? false : true; } |
||||
Additional Information |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |