In-Portal Issue Tracker


Viewing Issue Advanced Details
ID: 0000425
Category: [In-Portal CMS] Database
Type: bug report
Reproducibility: always
Date Submitted: 2009-11-16 19:33
Last Update: 2010-01-11 22:01
Reporter: Dmitry
View Status: public
Project Name: In-Portal CMS
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Platform:
Status: closed
OS:
OS Version:
ETA: none
Fixed in Version: 5.0.2-B1
Product Version: 5.0.1
Target Version: 5.0.2
Product Build:
Time Estimate: No estimate
Summary: 0000425: Check and fix issue with "Read-Only" mode
Description: We need to carefully review all sections for "Read-Only" permission.

So far it was found that FCK (add/delete), Tools (Backup, Restore, Run SQL) sections are ignoring this permission check.

In some cases like Backup/restore it's better to completely restrict user from executing all related events.
Steps To Reproduce:
Additional Information:
Tags: No tags attached.
Reference:
Change Log Message:
Estimate Points: 0
Attached Files: read_only_permission_checks.patch (24,606 bytes) 2009-11-18 12:42

- Relationships

-  Notes
(0001169)
Dmitry (manager)
2009-12-20 01:06

TESTED OK and can be COMMITTED!


NOTE that the patch for content_eh.php shouldn't be applied here since it is already in the repository:

http://source.in-portal.org/in-portal/branches/5.0.x/core/units/content/content_eh.php?r1=12734&r2=12948



PATCH part to be Excluded:

Index: core/units/content/content_eh.php
===================================================================
--- core/units/content/content_eh.php (revision 12940)
+++ core/units/content/content_eh.php (working copy)
@@ -29,7 +29,8 @@
             $user_id = $this->Application->RecallVar('user_id');
 
             // user can change top category
- $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, 0);
+ $top_category = $this->Application->findModule('Name', 'Core', 'RootCat');
+ $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, $top_category);
 
             return $perm_helper->finalizePermissionCheck($event, $perm_status);
         }
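
Review bot: `$top_category` from `findModule('Name', 'Core', 'RootCat')` on the first added line goes straight into `CheckUserPermission` as the category argument, with nothing checking that the lookup returned a usable id. If the lookup can return an empty value, the CATEGORY.MODIFY check would run against an unintended category; suggest testing `$top_category` before the call and failing the permission check when it is empty. The `// user can change top category` comment above could also say why the Core module's RootCat is used in place of the literal 0.
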
(0001190)
alex (manager)
2009-12-20 07:11

Fix committed to 5.0.x branch. Commit Message:

Fixes 0000425: Check and fix issue with "Read-Only" mode
(0001306)
Dmitry (manager)
2010-01-11 22:01

Closing completed tasks.

- Related Changesets
Modules :: In-Link: 5.0.x r12963
Timestamp: 2009-12-20 07:13:25
Author: alex
Bug 0000425: Check and fix issue with "Read-Only" mode
mod - /modules/in-link/branches/5.0.x/units/link_validation/link_validation_eh.php
Modules :: In-Commerce: 5.0.x r12962
Timestamp: 2009-12-20 07:12:59
Author: alex
Bug 0000425: Check and fix issue with "Read-Only" mode
mod - /w/in-commerce/branches/5.0.x/units/affiliate_payment_types/affiliate_payment_types_event_handler.php
mod - /w/in-commerce/branches/5.0.x/units/affiliate_plans/affiliate_plans_event_handler.php
mod - /w/in-commerce/branches/5.0.x/units/affiliates/affiliates_event_handler.php
mod - /w/in-commerce/branches/5.0.x/units/currencies/currencies_event_handler.php
mod - /w/in-commerce/branches/5.0.x/units/orders/orders_event_handler.php
In-Portal CMS: 5.0.x r12960
Timestamp: 2009-12-20 07:11:53
Author: alex
Fixes 0000425: Check and fix issue with "Read-Only" mode
mod - /in-portal/branches/5.0.x/core/kernel/db/cat_event_handler.php
mod - /in-portal/branches/5.0.x/core/kernel/db/db_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/categories/categories_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/config_search/config_search_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/configuration/configuration_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/email_events/email_events_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/fck/fck_eh.php
mod - /in-portal/branches/5.0.x/core/units/forms/forms_eh.php
mod - /in-portal/branches/5.0.x/core/units/images/image_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/languages/languages_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/modules/modules_event_handler.php
mod - /in-portal/branches/5.0.x/core/units/skins/skin_eh.php
mod - /in-portal/branches/5.0.x/core/units/themes/themes_eh.php
mod - /in-portal/branches/5.0.x/core/units/users/users_event_handler.php

- Issue History
Date Modified Username Field Change
2010-01-11 22:01 Dmitry Note Added: 0001306
2010-01-11 22:01 Dmitry Status resolved => closed
2009-12-20 07:13 alex Changeset attached 5.0.x r12963
2009-12-20 07:13 alex Changeset attached 5.0.x r12962
2009-12-20 07:12 alex Changeset attached 5.0.x r12961
2009-12-20 07:11 alex Note Added: 0001190
2009-12-20 07:11 alex Status reviewed and tested => resolved
2009-12-20 07:11 alex Fixed in Version => 5.0.2-B1
2009-12-20 07:11 alex Resolution open => fixed
2009-12-20 07:11 alex Changeset attached 5.0.x r12960
2009-12-20 01:06 Dmitry Note Added: 0001169
2009-12-20 01:06 Dmitry Assigned To !COMMUNITY => alex
2009-12-20 01:06 Dmitry Status needs testing => reviewed and tested
2009-11-18 12:43 alex Assigned To alex => !COMMUNITY
2009-11-18 12:43 alex Status needs work => needs testing
2009-11-18 12:42 alex File Added: read_only_permission_checks.patch
2009-11-16 19:33 Dmitry New Issue
2009-11-16 19:33 Dmitry Status active => needs work
2009-11-16 19:33 Dmitry Assigned To => alex


