In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details [ Jump to Notes ] [ Wiki ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Type

Reproducibility

Date Submitted

Last Update

0000025

[In-Portal CMS] Security

bug report

always

2009-05-20 14:50

2009-10-03 07:56

Reporter

alex

View Status

public

Project Name

In-Portal CMS

Assigned To

alex

Developer

Priority

normal

Resolution

fixed

Fixed in Version

5.0.0

Status

closed

Product Version

4.3.9

Target Version

5.0.0

Time Estimate

No estimate

Summary

0000025: Non-root user can't use copy/cut/paste buttons in catalog.

Description

For 5.0.0 release permission checking for category items and categories was changed. Now all events in temp tables are allowed, but other events (specified in event handler) are checked by individual logic.

Problem is, that OnCut, OnCopy, OnPaste, OnPasteClipboard events are not specified at all and that's why are denied for execution in any circumstances.

What permissions should be checked:
OnCut - delete right in category, where cut button was pressed.
OnCopy - no permission required, because it doesn't change data.
OnPaste, OnPasteClipboard - add right for category, where paste is performed.

Additional Information

Tags

No tags attached.

Reference

Change Log Message

Estimate Points

Attached Files

Relationships [ Relation Graph ] [ Dependency Graph ]

Notes
(0000015) alex (manager) 2009-05-27 03:04	Fix committed to RC branch. Commit Message:\n\n 1. Method "kDBEventHandler::StoreSelectedIDs" wasn't returning IDs, given using $direct_ids parameter. 2. Fixes 0000025: Non-root user can't use copy/cut/paste buttons in catalog. 3. Fixed "category status propagate" feature. Now it copies category StatusField value to all it's children. Before it was coping "Status" field value to all it's children, not "StatusField" field value, specified in unit config.

(0000609) administrator (administrator) 2009-10-03 07:56	Closing issues from 5.0.0 version, because version was already released.

Related Changesets
In-Portal CMS: RC r11821 Timestamp: 2009-05-27 03:04:24 Author: alex [ Details ] [ Diff ]	1. Method "kDBEventHandler::StoreSelectedIDs" wasn't returning IDs, given using $direct_ids parameter. 2. Fixes 0000025: Non-root user can't use copy/cut/paste buttons in catalog. 3. Fixed "category status propagate" feature. Now it copies category StatusField value to all it's children. Before it was coping "Status" field value to all it's children, not "StatusField" field value, specified in unit config.
	mod - /in-portal/branches/RC/core/kernel/db/db_event_handler.php	[ Diff ] [ File ]
	mod - /in-portal/branches/RC/core/units/categories/categories_event_handler.php	[ Diff ] [ File ]
	mod - /in-portal/branches/RC/core/units/general/cat_event_handler.php	[ Diff ] [ File ]

Issue History
Date Modified	Username	Field	Change
2009-10-03 07:56	administrator	Note Added: 0000609
2009-10-03 07:56	administrator	Status	resolved => closed
2009-10-03 07:39	administrator	Type	@80@ => bug report
2009-06-03 05:41	alex	Fixed in Version	5.0.1 => 5.0.0
2009-06-03 05:40	alex	Fixed in Version	=> 5.0.1
2009-05-27 03:04	alex	Note Added: 0000015
2009-05-27 03:04	alex	Status	reviewed and tested => resolved
2009-05-27 03:04	alex	Resolution	open => fixed
2009-05-27 03:04	alex	Changeset attached	RC r11821
2009-05-25 15:35	Dmitry	version	5.0.0 => 4.3.9
2009-05-20 14:51	alex	Status	active => reviewed and tested
2009-05-20 14:51	alex	Assigned To	=> alex
2009-05-20 14:51	alex	Target Version	=> 5.0.0
2009-05-20 14:50	alex	New Issue

Web Development by Intechnic

In-Portal Open Source CMS