In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details
ID: Category: Type: Reproducibility: Date Submitted: Last Update:
425 [In-Portal CMS] Database bug report always 2009-11-16 19:33 2010-01-11 22:01
Reporter: Dmitry Platform:  
Assigned To: alex OS:  
Priority: normal OS Version:  
Status: closed Product Version: 5.0.1  
Product Build: Resolution: fixed  
 
ETA: none Fixed in Version: 5.0.2-B1  
Reference:
Change Log Message:
Estimate Points: 0
Summary: 0000425: Check and fix issue with "Read-Only" mode
Description: We need to carefully review all section for "Read-Only" permission.

So far it was found that FCK (add/delete), Tools (Backup, Restore, Run SQL) sections are ignoring this permission check.

In some cases like Backup/restore it's better to completely restrict user from executing all related events.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files: patch read_only_permission_checks.patch (24,606) 2009-11-18 12:42
http://tracker.in-portal.org/file_download.php?file_id=148&type=bug
Issue History
Date Modified Username Field Change
2010-01-11 22:01 Dmitry Note Added: 0001306
2010-01-11 22:01 Dmitry Status resolved => closed
2009-12-20 07:13 alex Changeset attached 5.0.x r12963
2009-12-20 07:13 alex Changeset attached 5.0.x r12962
2009-12-20 07:12 alex Changeset attached 5.0.x r12961
2009-12-20 07:11 alex Note Added: 0001190
2009-12-20 07:11 alex Status reviewed and tested => resolved
2009-12-20 07:11 alex Fixed in Version => 5.0.2-B1
2009-12-20 07:11 alex Resolution open => fixed
2009-12-20 07:11 alex Changeset attached 5.0.x r12960
2009-12-20 01:06 Dmitry Note Added: 0001169
2009-12-20 01:06 Dmitry Assigned To !COMMUNITY => alex
2009-12-20 01:06 Dmitry Status needs testing => reviewed and tested
2009-11-18 12:43 alex Assigned To alex => !COMMUNITY
2009-11-18 12:43 alex Status needs work => needs testing
2009-11-18 12:42 alex File Added: read_only_permission_checks.patch
2009-11-16 19:33 Dmitry New Issue
2009-11-16 19:33 Dmitry Status active => needs work
2009-11-16 19:33 Dmitry Assigned To => alex

Notes
(0001169)
Dmitry   
2009-12-20 01:06   
TESTED OK and can be COMMITTED!


NOTE that patch for content_eh.php shouldn't be applied here since already in repository:

http://source.in-portal.org/in-portal/branches/5.0.x/core/units/content/content_eh.php?r1=12734&r2=12948



PATCH part to be Excluded:

Index: core/units/content/content_eh.php
===================================================================
--- core/units/content/content_eh.php (revision 12940)
+++ core/units/content/content_eh.php (working copy)
@@ -29,7 +29,8 @@
             $user_id = $this->Application->RecallVar('user_id');
 
             // user can change top category
- $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, 0);
+ $top_category = $this->Application->findModule('Name', 'Core', 'RootCat');
+ $perm_status = $perm_helper->CheckUserPermission($user_id, 'CATEGORY.MODIFY', 0, $top_category);
 
             return $perm_helper->finalizePermissionCheck($event, $perm_status);
         }
(0001190)
alex   
2009-12-20 07:11   
Fix committed to 5.0.x branch. Commit Message:

Fixes 0000425: Check and fix issue with "Read-Only" mode
(0001306)
Dmitry   
2010-01-11 22:01   
Closing completed tasks.