Permissions check of single user while administrator fails
The permissions check in get_users_permission fails in part due to $user_id not being defined and the gids check appears to also fail. Issue isn't present if user performing the action is a super user.
#1 Updated by krileon about 6 years ago
- Subject changed from get_users_permission checks if user_id is self when not an array and var isn't defined to Permissions check of single user while administrator fails
- Status changed from Resolved to Assigned
- Assignee changed from beat to krileon
- % Done changed from 100 to 50
#4 Updated by krileon about 6 years ago
Resolved permissions issue, but then the below error becomes apparent.
Warning: array_diff() [function.array-diff]: Argument #1 is not an array in administrator/components/com_comprofiler/library/cb/cb.tables.php on line 151
It's due to $oldUserComplete->gids being null instead of an array for a new user.
#5 Updated by krileon about 6 years ago
- File 3310-p1.patch added
- File 3310-p2.patch added
- Status changed from Assigned to Resolved
- Assignee changed from krileon to beat
- % Done changed from 50 to 100
$oldUserComplete is established in saveSafely, but no check is made to ensure gids is an array. Implemented changing of gids from null to array to prevent errors when directly establishing a new moscomprofilerUser then directly calling saveSafely.
#6 Updated by krileon about 6 years ago
Added pre-patched CB 1.8 Stable files for those needing immediate resolution (and further testing of patches). Those wanting to test simply copy, paste, and replace to the following location.