In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

ID: 0000014
Category: [In-Portal CMS] Security
Type: bug report
Reproducibility: always
Date Submitted: 2009-05-18 10:48
Last Update: 2010-07-22 15:06
Reporter: alex
View Status: public
Project Name: In-Portal CMS
Assigned To alex Developer
Priority: normal
Resolution: fixed
Fixed in Version: 5.1.0-B1
Status: closed
Product Version: 5.0.0
Target Version: 5.1.0
Time Estimate: No estimate
Summary: 0000014: Check ADD/EDIT Permissions in Section drop-down
Description: Check for ADD/EDIT Permissions in Section drop-down on General tab of Add/Edit items.

Currently you can add/edit to a Section that you have no permissions to add/edit.
Additional Information: Implementation Steps:

1. Create a NEW tag to glue together (using "-") all values from the following SQL:

SELECT *
FROM Permissions
WHERE (Type = 0) AND (Permission LIKE '%.VIEW' OR Permission LIKE '%.ADD' OR Permission LIKE '%.DELETE' OR Permission LIKE '%.MODIFY')

2. Get Groups of current User.

3. Create array keys (for each group) which will be checked in the array generated above.

4. Check ADD permission to Add a new item, check MODIFY permission to Edit an item. The first part of the permission name (LINK, NEWS, etc.) is obtained by Prefix from the unit config: ItemPermPrefix option.

5. After everything is checked, we know the list of Sections where the User can Add/Edit items.

6. Using JSONHelper, output that Array as the Tag result.

7. At the bottom of template using JQuery go through all <SELECT> Options of ParentId/CategoryId field and DISABLE the ones that do NOT have permissions from the above Array.
Tags: No tags attached.
Reference:
Change Log Message:
Estimate Points: 0
Attached Files:
sections_dropdown_modules.patch (3,184 bytes) 2010-03-03 13:05
sections_dropdown_core.patch (6,209 bytes) 2010-03-03 13:05
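
The implementation steps in the description, worked through as an added example; this is not In-Portal's code and not the content of the attached patches. The function names, the CatId-GroupId-Permission key layout, the rule that only rows with PermissionValue = 1 grant access, and the sample rows are assumptions, and permission inheritance between sections is ignored. The last function repeats the check when the form is saved, because an option disabled in the browser is only a display hint.

```javascript
// Added example: all function names and the key layout are hypothetical.
// Constructed rows shaped like the Permissions table (Type = 0 only); column
// names come from the query in the error note, the values are made up.
const PERMISSION_ROWS = [
  { CatId: 1, GroupId: 11, Permission: 'LINK.ADD', PermissionValue: 1 },
  { CatId: 1, GroupId: 11, Permission: 'LINK.MODIFY', PermissionValue: 1 },
  { CatId: 2, GroupId: 11, Permission: 'LINK.VIEW', PermissionValue: 1 },
  { CatId: 2, GroupId: 12, Permission: 'LINK.ADD', PermissionValue: 0 },
  { CatId: 3, GroupId: 12, Permission: 'LINK.ADD', PermissionValue: 1 },
  { CatId: 3, GroupId: 13, Permission: 'LINK.MODIFY', PermissionValue: 1 },
];

// Step 1: glue row values with "-" into lookup keys (granting rows only).
function buildPermissionIndex(rows) {
  const index = new Set();
  for (const r of rows) {
    if (Number(r.PermissionValue) === 1) {
      index.add([r.CatId, r.GroupId, r.Permission].join('-'));
    }
  }
  return index;
}

// Steps 2-5: a section is allowed when any of the user's groups holds
// <ItemPermPrefix>.ADD (new item) or <ItemPermPrefix>.MODIFY (existing item).
function allowedSections(index, sectionIds, groupIds, permPrefix, isNewItem) {
  const perm = `${permPrefix}.${isNewItem ? 'ADD' : 'MODIFY'}`;
  return sectionIds.filter((catId) =>
    groupIds.some((groupId) => index.has([catId, groupId, perm].join('-'))));
}

// Step 6: the tag result handed to the template as JSON.
function tagResult(allowed) {
  return JSON.stringify(allowed);
}

// Step 7 without a DOM: option values the template should mark as disabled.
function optionsToDisable(optionValues, allowedJson) {
  const allowed = new Set(JSON.parse(allowedJson).map(String));
  return optionValues.filter((value) => !allowed.has(String(value)));
}

// Server-side re-check on save: the same list decides, whatever the form sent.
function isSubmittedSectionAllowed(submittedCatId, allowed) {
  const id = String(submittedCatId);
  return /^\d+$/.test(id) && allowed.map(String).includes(id);
}
```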


-  Notes
(0001995)
Dmitry (manager)
2010-04-27 18:39

Patch works okay on described functionality.


But I get the following Fatal when I log in as Admin, edit the Section and go to the Permission tab:


Fatal Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 0, 1) AS Inherited, IF(p.PermissionValue IS NOT NULL, p.PermissionValue,' at line 8 (1064) [SELECT pc.PermissionName, pc.Description, IF (tmp_p.PermissionValue IS NULL AND p.PermissionValue IS NULL, 0, IF (tmp_p.PermissionValue IS NOT NULL, tmp_p.PermissionValue, p.PermissionValue) ) AS Value, IF (tmp_p.CatId IS NOT NULL, tmp_p.CatId, IF(p.CatId IS NOT NULL, p.CatId, 0) ) AS InheritedFrom, IF(tmp_p.CatId = , 0, 1) AS Inherited, IF(p.PermissionValue IS NOT NULL, p.PermissionValue, 0) AS InheritedValue FROM PermissionConfig pc LEFT JOIN Permissions p ON (p.Permission = pc.PermissionName) AND (0) AND (p.GroupId = 11) LEFT JOIN ses_476081267_7_edit_Permissions tmp_p ON (tmp_p.Permission = pc.PermissionName) AND (tmp_p.CatId = 0) AND (tmp_p.GroupId = 11) WHERE Mo #615421469 in /home/simone/web/dev/SVN/5.1.x/core/kernel/application.php on line 2623
(0002013)
alex (manager)
2010-04-28 07:22

Can't replicate.
(0002014)
Dmitry (manager)
2010-04-28 07:36

Tested ok.

Previously reported bug can't be replicated.
(0002016)
alex (manager)
2010-04-28 08:10

Fix committed to 5.1.x branch. Commit Message:

Fixes 0000014: Check ADD/EDIT Permissions in Section drop-down
(0002541)
alex (manager)
2010-07-22 15:06

Closing, since 5.1.0 release has been released.

- Related Changesets
In-Portal CMS: 5.1.x r13461
Timestamp: 2010-04-28 08:10:19
Author: alex
Fixes 0000014: Check ADD/EDIT Permissions in Section drop-down
mod - /in-portal/branches/5.1.x/core/admin_templates/categories/categories_edit.tpl
mod - /in-portal/branches/5.1.x/core/admin_templates/js/script.js
mod - /in-portal/branches/5.1.x/core/kernel/db/cat_tag_processor.php
mod - /in-portal/branches/5.1.x/core/units/categories/categories_tag_processor.php
mod - /in-portal/branches/5.1.x/core/units/helpers/permissions_helper.php

Modules :: In-News: 5.1.x r13460
Timestamp: 2010-04-28 08:09:01
Author: alex
Bug 0000014: Check ADD/EDIT Permissions in Section drop-down
mod - /modules/in-news/branches/5.1.x/admin_templates/articles/articles_edit.tpl

Modules :: In-Link: 5.1.x r13459
Timestamp: 2010-04-28 08:08:46
Author: alex
Bug 0000014: Check ADD/EDIT Permissions in Section drop-down
mod - /modules/in-link/branches/5.1.x/admin_templates/links/links_edit.tpl

Modules :: In-Commerce: 5.1.x r13458
Timestamp: 2010-04-28 08:08:35
Author: alex
Bug 0000014: Check ADD/EDIT Permissions in Section drop-down
mod - /w/in-commerce/branches/5.1.x/admin_templates/products/products_edit.tpl

Modules :: In-Bulletin: 5.1.x r13457
Timestamp: 2010-04-28 08:07:36
Author: alex
Bug 0000014: Check ADD/EDIT Permissions in Section drop-down
mod - /modules/in-bulletin/branches/5.1.x/admin_templates/topics/topics_edit.tpl

- Issue History
Date Modified Username Field Change
2010-07-22 15:06 alex Note Added: 0002541
2010-07-22 15:06 alex Status resolved => closed
2010-04-28 08:10 alex Note Added: 0002016
2010-04-28 08:10 alex Status reviewed and tested => resolved
2010-04-28 08:10 alex Fixed in Version => 5.1.0-B1
2010-04-28 08:10 alex Resolution open => fixed
2010-04-28 08:10 alex Assigned To !COMMUNITY => alex
2010-04-28 08:10 alex Changeset attached 5.1.x r13461
2010-04-28 08:09 alex Changeset attached 5.1.x r13460
2010-04-28 08:08 alex Changeset attached 5.1.x r13459
2010-04-28 08:08 alex Changeset attached 5.1.x r13458
2010-04-28 08:07 alex Changeset attached 5.1.x r13457
2010-04-28 07:36 Dmitry Note Added: 0002014
2010-04-28 07:36 Dmitry Status needs testing => reviewed and tested
2010-04-28 07:22 alex Note Added: 0002013
2010-04-28 07:22 alex Assigned To alex => !COMMUNITY
2010-04-28 07:22 alex Status needs work => needs testing
2010-04-27 18:39 Dmitry Note Added: 0001995
2010-04-27 18:39 Dmitry Assigned To !COMMUNITY => alex
2010-04-27 18:39 Dmitry Status needs testing => needs work
2010-03-03 13:05 alex Time Estimate Removed 1 =>
2010-03-03 13:05 alex Assigned To => !COMMUNITY
2010-03-03 13:05 alex Developer => alex
2010-03-03 13:05 alex Status active => needs testing
2010-03-03 13:05 alex File Added: sections_dropdown_core.patch
2010-03-03 13:05 alex File Added: sections_dropdown_modules.patch
2010-01-12 11:33 alex Time Estimate Added 1
2009-10-03 07:53 administrator Status reviewed and tested => active
2009-09-29 09:03 alex Patch Status => Not Used
2009-09-29 09:03 alex Reporter administrator => alex
2009-08-03 15:58 Dmitry Status active => reviewed and tested
2009-08-03 15:58 Dmitry Target Version 5.0.1 => 5.1.0
2009-05-18 14:06 alex Additional Information Updated View Revisions
2009-05-18 10:55 administrator Type refactoring => bug report
2009-05-18 10:48 administrator New Issue


