Bug #6483

closed

Backend fieldClass response has incorrect access check

Added by krileon about 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 01 February 2017
Due date:
% Done: 100%
Estimated time:

Description

Admins that can edit users, but are not super users, cannot utilize any fieldClass AJAX usages due to an incorrect access permissions check. This is likely in the legacy code for backend endpoints.

Error: You cannot edit a `guest`. Only higher-level users have this power.

https://www.joomlapolis.com/forum/255-developer-members-support/235938-strange-access-restriction

Actions #1

Updated by krileon about 7 years ago

tabClass in administrator/components/com_comprofiler/controller/controller.default.php is calling checkCBpermissions incorrectly. Needs same check as frontend.

Actions #2

Updated by krileon about 7 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1248

Actions #3

Updated by krileon over 6 years ago

  • Target version changed from CB 2.2 to CB 2.1.3

Actions #4

Updated by krileon over 6 years ago

  • Status changed from Resolved to Closed