Actions
Bug #2720
closed
J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
Description
cbacl::get_groups_below_me()
and cb.core.php line 3636 (maybe this could use the acl-function instead of duplicating the code ?)
should not remove anything if a user IS super-admin:
// remove users 'above' me
$i = 0;
while ( $i < count( $gtree ) ) {
if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
array_splice( $gtree, $i, 1 );
} else {
$i++;
}
}
Files
Updated by beat over 12 years ago
- Subject changed from J1.6/1.7: Backend: Miconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
Actions
#2
Updated by krileon over 12 years ago
- File 2720-pt1.patch 2720-pt1.patch added
- File 2720-pt2.patch 2720-pt2.patch added
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
get_groups_below_me first had to be fixed to properly get the groups below someone. I've fixed it to loop through the users groups and uniquely add them to an array then parse out those that the user doesn't have permission for from a select drop-down object array. This is the same methods used in GJ 2.4 tested working (which can be removed once this is added to CB core).
Updated by beat over 12 years ago
- Subject changed from J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
- Status changed from Resolved to Closed
Fixed in r1581 similar and equivalent to proposed patch.
Thanks Kyle.
Actions