Bug #2720
closed
J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
Added by beat over 13 years ago.
Updated about 13 years ago.
Start date:
17 August 2011
Description
cbacl::get_groups_below_me()
and cb.core.php line 3636 (maybe this could use the acl-function instead of duplicating the code ?)
should not remove anything if a user IS super-admin:
// remove users 'above' me
$i = 0;
while ( $i < count( $gtree ) ) {
if ( in_array( $gtree[$i]->value, $ex_groups ) ) {
array_splice( $gtree, $i, 1 );
} else {
$i++;
}
}
Files
- Subject changed from J1.6/1.7: Backend: Miconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
get_groups_below_me first had to be fixed to properly get the groups below someone. I've fixed it to loop through the users groups and uniquely add them to an array then parse out those that the user doesn't have permission for from a select drop-down object array. This is the same methods used in GJ 2.4 tested working (which can be removed once this is added to CB core).
- Subject changed from J1.6/1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit to J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
- Status changed from Resolved to Closed
Fixed in r1581 similar and equivalent to proposed patch.
Thanks Kyle.
Also available in: Atom
PDF
Updated by 
Updated by