In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details
75 [In-Portal CMS] Security feature request N/A 2009-06-15 01:54 2012-07-25 05:32
alex  
alex  
normal  
closed 5.0.0  
fixed  
 
none 5.2.0-B1  
1
0000075: Denial permissions for "root" user
Currently permissions are checked for all users except root. When an attempt is made to check a permission for the "root" user, the "kPermissionHelper::CheckUserPermission" method always returns "true". This all works until someone adds a denial type permission. When this happens, the permission given to "root" will be automatically denied for him, and that breaks the logic that everything is allowed to "root".

To solve this problem I propose to add ":deny"/".deny" at the end of the permission name. When the actual permission check is made and we are checking the "root" user's permission, then for ":deny"/".deny" at the end:

// "root" (user id -1): every permission is granted except those whose name ends in ".deny"
if ($user_id == -1) {
    return substr($name, -5) == '.deny' ? false : true;
}
patch denial_permissions_75.patch (460) 2011-11-02 11:23
http://tracker.in-portal.org/file_download.php?file_id=1287&type=bug
patch denial_permissions_v2.patch (5,510) 2011-11-03 06:33
http://tracker.in-portal.org/file_download.php?file_id=1297&type=bug
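The failure mode described in the issue, as an added example (not In-Portal code and not the contents of the attached patches). The function names, the sample grants and the rule that an action is blocked when its ".deny" twin is held are assumptions; the example also accepts both suffixes named in the description, where the snippet above tests only ".deny".

```php
<?php
// Added illustration; all names are hypothetical, none are In-Portal APIs.
const ROOT_USER_ID = -1; // the snippet on this page treats user id -1 as "root"

// Constructed sample data: explicit permissions held by non-root users.
$grants = [
    5 => ['products.edit' => true, 'products.edit.deny' => true],
    6 => ['products.edit' => true],
];

/** Behaviour described in the issue: "root" short-circuits to true for every name. */
function checkPermissionOld(array $grants, int $userId, string $name): bool
{
    if ($userId === ROOT_USER_ID) {
        return true; // also true for "*.deny", so root "holds" every denial
    }
    return !empty($grants[$userId][$name]);
}

/** Proposed behaviour: "root" holds everything except denial-type permissions. */
function checkPermissionProposed(array $grants, int $userId, string $name): bool
{
    if ($userId === ROOT_USER_ID) {
        // ".deny" and ":deny" are both five characters long
        return !in_array(substr($name, -5), ['.deny', ':deny'], true);
    }
    return !empty($grants[$userId][$name]);
}

/** Assumed caller rule: allowed when granted and the ".deny" twin is not held. */
function canPerform(callable $check, array $grants, int $userId, string $action): bool
{
    return $check($grants, $userId, $action)
        && !$check($grants, $userId, $action . '.deny');
}

// Compare both checks for root, a user with a denial, and a user without one.
foreach ([ROOT_USER_ID, 5, 6] as $uid) {
    printf(
        "user %2d  old=%s  proposed=%s\n",
        $uid,
        var_export(canPerform('checkPermissionOld', $grants, $uid, 'products.edit'), true),
        var_export(canPerform('checkPermissionProposed', $grants, $uid, 'products.edit'), true)
    );
}
```

Only the "root" row differs between the two checks; users 5 and 6 get the same result either way, so a regression test for this fix needs a case that runs as "root".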
Issue History
2012-07-25 05:32 alex Note Added: 0005062
2012-07-25 05:32 alex Status resolved => closed
2011-11-03 06:34 alex Note Added: 0004131
2011-11-03 06:34 alex Status reviewed and tested => resolved
2011-11-03 06:34 alex Fixed in Version => 5.2.0-B1
2011-11-03 06:34 alex Resolution open => fixed
2011-11-03 06:34 alex Assigned To !COMMUNITY => alex
2011-11-03 06:34 alex Changeset attached 5.2.x r14731
2011-11-03 06:34 alex Note Added: 0004130
2011-11-03 06:34 alex Assigned To alex => !COMMUNITY
2011-11-03 06:34 alex Status needs testing => reviewed and tested
2011-11-03 06:33 alex File Added: denial_permissions_v2.patch
2011-11-02 11:24 erik Time Estimate Removed 1 =>
2011-11-02 11:24 erik Note Added: 0004120
2011-11-02 11:24 erik Assigned To erik => alex
2011-11-02 11:24 erik Developer => erik
2011-11-02 11:24 erik Status needs work => needs testing
2011-11-02 11:23 erik File Added: denial_permissions_75.patch
2011-10-22 05:24 alex Estimate Points => 1
2011-10-21 09:09 Dmitry Assigned To => erik
2011-10-21 09:09 Dmitry Status active => needs work
2011-09-27 05:06 alex Time Estimate Added 1
2011-09-23 21:59 Dmitry Target Version Icebox => 5.2.0
2009-06-15 23:38 Dmitry Target Version => Icebox
2009-06-15 01:54 alex New Issue

Notes
(0004120)
erik   
2011-11-02 11:24   
patch attached - needs testing
(0004130)
alex   
2011-11-03 06:34   
Works, but 1 unneeded space was added ("condition1 || condition2" instead of "condition1 || condition2").
(0004131)
alex   
2011-11-03 06:34   
Fix committed to 5.2.x branch. Commit Message:

Fixes 0000075: Denial permissions for "root" user
Commit on behalf of Erik
(0005062)
alex   
2012-07-25 05:32   
Since 5.2.0 version was released.