In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details

ID: 75
Category: [In-Portal CMS] Security
Type: feature request
Reproducibility: N/A
Date Submitted: 2009-06-15 01:54
Last Update: 2012-07-25 05:32
Reporter: alex
Assigned To: alex
Priority: normal
Status: closed
Product Version: 5.0.0
Resolution: fixed
ETA: none
Fixed in Version: 5.2.0-B1
Estimate Points: 1
Summary: 0000075: Denial permissions for "root" user
Description:
Currently permissions are checked for all users except root. When an attempt is made to check a permission for the "root" user, the "kPermissionHelper::CheckUserPermission" method always returns "true". This all works until someone adds a denial-type permission. When this happens, the permission given to "root" will be automatically denied for him, and that breaks the logic that everything is allowed to "root".
To solve this problem I propose to add ":deny"/".deny" at the end of the permission name. When the actual permission check is made and we are checking the "root" user's permission, then for ":deny"/".deny" at the end:

    if ($user_id == -1) {
        // checking for "root": true for every permission except denial ones (name ends in ".deny")
        return substr($name, -5) == '.deny' ? false : true;
    }
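As an added illustration (not In-Portal's code and not part of the issue), the PHP sketch below shows why an unconditional "true" for root turns into a denial once denial permissions exist, and how the suffix check from the description avoids it. The decision rule, the function names, the grant table and the permission names are assumptions made for this example; it accepts both suffix spellings mentioned in the description.

```php
<?php
// Added illustration; not In-Portal's code. All names here are hypothetical.
const ROOT_USER_ID = -1; // the issue's snippet treats user id -1 as "root"

// True when the permission name carries one of the denial suffixes from the issue.
function is_denial_permission(string $name): bool
{
    return in_array(substr($name, -5), ['.deny', ':deny'], true);
}

// Assumed raw lookup: $grants maps user id => list of permission names held.
// $rootAware switches between the old behaviour and the proposed one.
function has_permission(int $userId, string $name, array $grants, bool $rootAware): bool
{
    if ($userId === ROOT_USER_ID) {
        // Old: root "holds" every permission, denial ones included.
        // Proposed: root holds everything except denial permissions.
        return $rootAware ? !is_denial_permission($name) : true;
    }
    return in_array($name, $grants[$userId] ?? [], true);
}

// Assumed decision rule: allowed if granted and the matching denial is not held.
function is_allowed(int $userId, string $name, array $grants, bool $rootAware): bool
{
    return has_permission($userId, $name, $grants, $rootAware)
        && !has_permission($userId, $name . '.deny', $grants, $rootAware);
}

// Constructed sample data: user 7 may view, but is explicitly denied delete.
$grants = [7 => ['article.view', 'article.delete', 'article.delete.deny']];

$cases = [
    [7, 'article.view'],
    [7, 'article.delete'],
    [ROOT_USER_ID, 'article.delete'],
];
foreach ($cases as [$uid, $perm]) {
    printf(
        "user %3d %-15s old=%-5s proposed=%s\n",
        $uid,
        $perm,
        var_export(is_allowed($uid, $perm, $grants, false), true),
        var_export(is_allowed($uid, $perm, $grants, true), true)
    );
}
```

Only the root row differs between the two columns: ordinary users keep their explicit denials under both behaviours.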
Attached Files:
denial_permissions_75.patch (460) 2011-11-02 11:23 http://tracker.in-portal.org/file_download.php?file_id=1287&type=bug
denial_permissions_v2.patch (5,510) 2011-11-03 06:33 http://tracker.in-portal.org/file_download.php?file_id=1297&type=bug
Issue History

Date Modified | Username | Field | Change
2012-07-25 05:32 | alex | Note Added: 0005062 |
2012-07-25 05:32 | alex | Status | resolved => closed
2011-11-03 06:34 | alex | Note Added: 0004131 |
2011-11-03 06:34 | alex | Status | reviewed and tested => resolved
2011-11-03 06:34 | alex | Fixed in Version | => 5.2.0-B1
2011-11-03 06:34 | alex | Resolution | open => fixed
2011-11-03 06:34 | alex | Assigned To | !COMMUNITY => alex
2011-11-03 06:34 | alex | Changeset attached | 5.2.x r14731
2011-11-03 06:34 | alex | Note Added: 0004130 |
2011-11-03 06:34 | alex | Assigned To | alex => !COMMUNITY
2011-11-03 06:34 | alex | Status | needs testing => reviewed and tested
2011-11-03 06:33 | alex | File Added: denial_permissions_v2.patch |
2011-11-02 11:24 | erik | Time Estimate Removed | 1 =>
2011-11-02 11:24 | erik | Note Added: 0004120 |
2011-11-02 11:24 | erik | Assigned To | erik => alex
2011-11-02 11:24 | erik | Developer | => erik
2011-11-02 11:24 | erik | Status | needs work => needs testing
2011-11-02 11:23 | erik | File Added: denial_permissions_75.patch |
2011-10-22 05:24 | alex | Estimate Points | => 1
2011-10-21 09:09 | Dmitry | Assigned To | => erik
2011-10-21 09:09 | Dmitry | Status | active => needs work
2011-09-27 05:06 | alex | Time Estimate Added | 1
2011-09-23 21:59 | Dmitry | Target Version | Icebox => 5.2.0
2009-06-15 23:38 | Dmitry | Target Version | => Icebox
2009-06-15 01:54 | alex | New Issue |
Notes

(0004120) erik 2011-11-02 11:24
patch attached - needs testing

(0004130) alex 2011-11-03 06:34
Works, but one unneeded space was added ("condition1 || condition2" instead of "condition1 || condition2").

(0004131) alex 2011-11-03 06:34
Fix committed to 5.2.x branch. Commit Message:
Fixes 0000075: Denial permissions for "root" user
Commit on behalf of Erik

(0005062) alex 2012-07-25 05:32
Since 5.2.0 version was released.