In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Dependency Graph View Issue ] Relation Graph ] Vertical ]
related to child of duplicate of

Viewing Issue Simple Details
ID Category Type Reproducibility Date Submitted Last Update
0000075 [In-Portal CMS] Security feature request N/A 2009-06-15 01:54 2012-07-25 05:32
Reporter alex View Status public  
Assigned To alex
Priority normal Resolution fixed  
Status closed      
Summary 0000075: Denial permissions for "root" user
Description Currently permissions are checked for all users except root. When attempt is made to check permission for "root" user, then "kPermissionHelper::CheckUserPermission" method always returns "true". This all works until someone add denial type permission. When this happens, then "root" given permission will be automatically denied for him and that breaks logic, that everything is allowed to "root".

To solve this problem I propose to add ":deny"/".deny" at the end of permission name. When actual permission check is made and we are checking for "root"'s user permission, then for ":deny"/".deny" at the end:

if ($user_id == -1) {
    return substr($name, -5) == '.deny' ? false : true;
}
Additional Information



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker