In-Portal Issue Tracker - In-Portal CMS
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Type: | Reproducibility: | Date Submitted: | Last Update: |
14 | [In-Portal CMS] Security | bug report | always | 2009-05-18 10:48 | 2010-07-22 15:06 |
|
|||||
Reporter: | alex | Platform: | |||
Assigned To: | alex | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | 5.0.0 | ||
Product Build: | Resolution: | fixed | |||
ETA: | none | Fixed in Version: | 5.1.0-B1 | ||
Reference: | |||||
Change Log Message: | |||||
Estimate Points: | 0 | ||||
|
|||||
Summary: | 0000014: Check ADD/EDIT Permissions in Section drop-down | ||||
Description: |
Check for ADD/EDIT Permissions in Section drop-down on General tab of Add/Edit items. Currently you can add/edit to Section that you have no permissions to add/edit. |
||||
Steps To Reproduce: | |||||
Additional Information: |
Implementation Steps: 1. Create NEW tag to glue (using "-") together all values from following SQL: SELECT * FROM Permissions WHERE (Type = 0) AND (Permission LIKE '%.VIEW' OR Permission LIKE '%.ADD' OR Permission LIKE '%.DELETE' OR Permission LIKE '%.MODIFY') 2. Get Groups of current User. 3. Create array keys for (for each group) which will be checked in generated above array. 4. Check ADD permissions to Add a new item, Check MODIFY permission to Edit an item. First part of permissions (LINK, NEWS, и etc) get by Prefix from unit config: ItemPermPrefix option. 5. After all checked we know list of Sections where User can Add/Edit items. 6. Using JSONHelper output that Array as a Tag result. 7. At the bottom of template using JQuery go through all <SELECT> Options of ParentId/CategoryId field and DISABLE the ones that do NOT have permissions from the above Array. |
||||
Relationships | |||||
Attached Files: |
sections_dropdown_modules.patch (3,184) 2010-03-03 13:05 http://tracker.in-portal.org/file_download.php?file_id=323&type=bug sections_dropdown_core.patch (6,209) 2010-03-03 13:05 http://tracker.in-portal.org/file_download.php?file_id=324&type=bug |
||||
|
|||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2010-07-22 15:06 | alex | Note Added: 0002541 | |||
2010-07-22 15:06 | alex | Status | resolved => closed | ||
2010-04-28 08:10 | alex | Note Added: 0002016 | |||
2010-04-28 08:10 | alex | Status | reviewed and tested => resolved | ||
2010-04-28 08:10 | alex | Fixed in Version | => 5.1.0-B1 | ||
2010-04-28 08:10 | alex | Resolution | open => fixed | ||
2010-04-28 08:10 | alex | Assigned To | !COMMUNITY => alex | ||
2010-04-28 08:10 | alex | Changeset attached | 5.1.x r13461 | ||
2010-04-28 08:09 | alex | Changeset attached | 5.1.x r13460 | ||
2010-04-28 08:08 | alex | Changeset attached | 5.1.x r13459 | ||
2010-04-28 08:08 | alex | Changeset attached | 5.1.x r13458 | ||
2010-04-28 08:07 | alex | Changeset attached | 5.1.x r13457 | ||
2010-04-28 07:36 | Dmitry | Note Added: 0002014 | |||
2010-04-28 07:36 | Dmitry | Status | needs testing => reviewed and tested | ||
2010-04-28 07:22 | alex | Note Added: 0002013 | |||
2010-04-28 07:22 | alex | Assigned To | alex => !COMMUNITY | ||
2010-04-28 07:22 | alex | Status | needs work => needs testing | ||
2010-04-27 18:39 | Dmitry | Note Added: 0001995 | |||
2010-04-27 18:39 | Dmitry | Assigned To | !COMMUNITY => alex | ||
2010-04-27 18:39 | Dmitry | Status | needs testing => needs work | ||
2010-03-03 13:05 | alex | Time Estimate Removed | 1 => | ||
2010-03-03 13:05 | alex | Assigned To | => !COMMUNITY | ||
2010-03-03 13:05 | alex | Developer | => alex | ||
2010-03-03 13:05 | alex | Status | active => needs testing | ||
2010-03-03 13:05 | alex | File Added: sections_dropdown_core.patch | |||
2010-03-03 13:05 | alex | File Added: sections_dropdown_modules.patch | |||
2010-01-12 11:33 | alex | Time Estimate Added | 1 | ||
2009-10-03 07:53 | administrator | Status | reviewed and tested => active | ||
2009-09-29 09:03 | alex | Patch Status | => Not Used | ||
2009-09-29 09:03 | alex | Reporter | administrator => alex | ||
2009-08-03 15:58 | Dmitry | Status | active => reviewed and tested | ||
2009-08-03 15:58 | Dmitry | Target Version | 5.0.1 => 5.1.0 | ||
2009-05-18 14:06 | alex | Additional Information Updated | bug_revision_view_page.php?rev_id=22#r22 | ||
2009-05-18 10:55 | administrator | Type | refactoring => bug report | ||
2009-05-18 10:48 | administrator | New Issue |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|