Project

General

Profile

Actions

Bug #6483

closed

Backend fieldClass response has incorrect access check

Added by krileon almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
01 February 2017
Due date:
% Done:

100%

Estimated time:

Description

Admins that can edit users, but are not super users, can not utilize any fieldClass ajax usages due to an incorrect access permissions check. This is likely in the legacy code for backend endpoints.

Error: You cannot edit a `guest`. Only higher-level users have this power.

https://www.joomlapolis.com/forum/255-developer-members-support/235938-strange-access-restriction

Actions #1

Updated by krileon almost 8 years ago

tabClass in administrator/components/com_comprofiler/controller/controller.default.php is calling checkCBpermissions incorrectly. Needs same check as frontend.

Actions #2

Updated by krileon almost 8 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !1248

Actions #3

Updated by krileon over 7 years ago

  • Target version changed from CB 2.2 to CB 2.1.3
Actions #4

Updated by krileon over 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF