Project

General

Profile

Actions

Bug #2720

closed

J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit

Added by beat over 13 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
17 August 2011
Due date:
% Done:

100%

Estimated time:
1:00 h

Description

cbacl::get_groups_below_me()

and cb.core.php line 3636 (maybe this could use the acl-function instead of duplicating the code ?)

should not remove anything if a user IS super-admin:

                // remove users 'above' me
                $i                            =    0;
                while ( $i < count( $gtree ) ) {
                    if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
                        array_splice( $gtree, $i, 1 );
                    } else {
                        $i++;
                    }
                }

Files

2720-pt1.patch (2.7 KB) 2720-pt1.patch krileon, 14 October 2011 21:59
2720-pt2.patch (1.87 KB) 2720-pt2.patch krileon, 14 October 2011 21:59
Actions #1

Updated by beat over 13 years ago

  • Subject changed from J1.6/1.7: Backend: Miconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit

Updated by krileon about 13 years ago

get_groups_below_me first had to be fixed to properly get the groups below someone. I've fixed it to loop through the users groups and uniquely add them to an array then parse out those that the user doesn't have permission for from a select drop-down object array. This is the same methods used in GJ 2.4 tested working (which can be removed once this is added to CB core).

Actions #3

Updated by beat about 13 years ago

  • Subject changed from J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
  • Status changed from Resolved to Closed

Fixed in r1581 similar and equivalent to proposed patch.

Thanks Kyle.

Actions

Also available in: Atom PDF