Bug #3310

Permissions check of single user while administrator fails

Added by krileon about 2 years ago. Updated almost 2 years ago.

Status: Closed
Start date: 02/28/2012
Priority: Urgent
Due date:
Assignee: beat
% Done: 100%
Category: -
Estimated time: 5.00 hours
Target version: CB 1.8.1

Description

The permissions check in get_users_permission fails in part due to $user_id not being defined and the gids check appears to also fail. Issue isn't present if user performing the action is a super user.

3310-p1.patch (705 Bytes) krileon, 02/28/2012 08:01 pm

3310-p2.patch (3.07 KB) krileon, 02/28/2012 08:01 pm

cb.acl.php (36.1 KB) krileon, 02/28/2012 08:02 pm

cb.tables.php (68.7 KB) krileon, 02/28/2012 08:02 pm


Related issues

Duplicated by CB - Bug #3313: CB User Manager does not have same permissions as Joomla ... Rejected 03/04/2012
Duplicated by CB - Bug #3312: CB 1.8 / J251 Notice when creating new backend user Rejected 03/04/2012

History

#1 Updated by krileon about 2 years ago

  • Subject changed from get_users_permission checks if user_id is self when not an array and var isn't defined to Permissions check of single user while administrator fails
  • Status changed from Resolved to Assigned
  • Assignee changed from beat to krileon
  • % Done changed from 100 to 50

#3 Updated by krileon about 2 years ago

  • File deleted (cb.acl.php.patch)

#4 Updated by krileon about 2 years ago

Resolved permissions issue, but then the below error becomes apparent.

Warning: array_diff() [function.array-diff]: Argument #1 is not an array in administrator/components/com_comprofiler/library/cb/cb.tables.php on line 151

It's due to $oldUserComplete->gids being null instead of an array for a new user.

#5 Updated by krileon about 2 years ago

  • File 3310-p1.patch added
  • File 3310-p2.patch added
  • Status changed from Assigned to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 50 to 100

$oldUserComplete is established in saveSafely, but no check is made to ensure gids is an array. Implemented changing of gids from null to array to prevent errors when directly establishing a new moscomprofilerUser then directly calling saveSafely.

#6 Updated by krileon about 2 years ago

Added pre-patched CB 1.8 Stable files for those needing immediate resolution (and further testing of patches). Those wanting to test can simply copy, paste, and replace to the following location.

administrator/components/com_comprofiler/library/cb/

#7 Updated by beat about 2 years ago

  • Target version set to CB 1.8.1

#8 Updated by krileon almost 2 years ago

  • Priority changed from Normal to Urgent

#9 Updated by beat almost 2 years ago

  • Status changed from Resolved to Closed
  • Estimated time set to 5.00

r1803 commits this: testing required.

To Test:
- Try performing CB tasks in backend under various permissions settings.
