Project

General

Profile

Bug #2720

J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit

Added by beat about 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
17 August 2011
Due date:
% Done:

100%

Estimated time:
1:00 h

Description

cbacl::get_groups_below_me()

and cb.core.php line 3636 (maybe this could use the acl-function instead of duplicating the code ?)

should not remove anything if a user IS super-admin:

                // remove users 'above' me
                $i                            =    0;
                while ( $i < count( $gtree ) ) {
                    if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
                        array_splice( $gtree, $i, 1 );
                    } else {
                        $i++;
                    }
                }
2720-pt1.patch (2.7 KB) 2720-pt1.patch krileon, 14 October 2011 09:59 PM
2720-pt2.patch (1.87 KB) 2720-pt2.patch krileon, 14 October 2011 09:59 PM

History

#1 Updated by beat about 9 years ago

  • Subject changed from J1.6/1.7: Backend: Miconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit

#2 Updated by krileon about 9 years ago

get_groups_below_me first had to be fixed to properly get the groups below someone. I've fixed it to loop through the users groups and uniquely add them to an array then parse out those that the user doesn't have permission for from a select drop-down object array. This is the same methods used in GJ 2.4 tested working (which can be removed once this is added to CB core).

#3 Updated by beat almost 9 years ago

  • Subject changed from J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
  • Status changed from Resolved to Closed

Fixed in r1581 similar and equivalent to proposed patch.

Thanks Kyle.

Also available in: Atom PDF