View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000109 | XMB1 | Bugs | public | 2008-08-10 14:39 | 2008-08-22 03:39 |
| Reporter | HoodedMan | Assigned To | kuba1 | ||
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.9.10 | ||||
| Target Version | 1.9.11 | Fixed in Version | 1.9.11 | ||
| Summary | 0000109: User Access List problems | ||||
| Description | I'm having a few problems with the user access list. I have a forum (not a subforum) that should be visible and accessible only to the users on the user access list. As some of these users are not staff, I have extended all permissions down to Member. This has yielded interesting results. As a guest, I cannot see the forum, and as a member I cannot see the forum unless I am on the user access list. However, a Super Moderator who is not on the user access list was able to see the forum and I was able to reproduce that result. However, I don't quite understand it. The code for subforums looks normal to me; it uses checkForumPermissions() and checks for X_PERMS_VIEW && X_PERMS_USERLIST like the rest of the code, but I don't quite get the code for forums. | ||||
| Additional Information | http://forums.xmbforum.com/viewthread.php?tid=764994 http://forums.xmbforum.com/viewthread.php?tid=772879 This bug originated in the version 1.9.9 code base. | ||||
| Tags | API | ||||
| MySQL Version | |||||
| PHP Version | |||||
| Web Server | |||||
| Browser | |||||
| Flags | |||||
| Original Reporter | |||||
| SVN Revision | 1251 | ||||
| Git Commit | |||||
| child of | 0000117 | closed | miqrogroove | Make Forum Permissions More Modular, Consistent |
|
|
This item just needs consistency in application throughout XMB wherever permissions are used. I plan to use viewer||userlist throughout. |
|
|
One of the oddballs to look out for is post quoting. That happens in the middle of post.php and comes with its own perms check. |
|
|
3 lines in forumdisplay.php edited and permissions tested on test site. |
|
|
Um. Are you done? Do you want me to do the rest of it? :P |
|
|
Nope. Not done. Permissions edits in all of the following files: post.php stats.php today.php topicadmin.php viewthread.php misc.php Will be testing tonight and will commit if tests are passed. |
|
|
Remember to hit functions.inc.php as well. |
|
|
function forum, function forumlist I'm committing the changes now. Will test more tomorrow and close this item if tests are good. So far, so good permissions are working well. |
|
|
also 1238 and 1239 all changes committed. |
|
|
Let me do a code search to eliminate some of the guesswork here... viewthread.php post.php member.php index.php vtmisc.php topicadmin.php today.php stats.php misc.php functions.inc.php online.inc.php forumdisplay.php |
|
|
I'm going to add some API stuff this afternoon. Are you still working on this permissions issue? |
|
|
Yes I am. It has been neglected a few days, but will finish the other files this weekend. Should be able to commit the rest tomorrow. |
|
|
Finished up the remaining files so that I can commit pending API changes. Also, it was necessary to change function checkForumPermissions() as it turned out the underlying problem was a bug we picked up from the 1.9.9 code base. To patch the 1.9.10 branch, revisions 1237 through 1240 would need to be ported. |
|
|
Guests aren't being handled properly now in checkForumPermissions(). |
|
|
More tweaks were needed. Ugh! The fix for this issue now consists of parts of revisions 1237 through 1240, 1249, and 1251. But there are a lot of API changes going on with the 1.9.11 code while I'm shaking out these userlist bugs. I've added 0000124 as well, which is causing PHP warnings in the userlist feature. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-08-10 14:39 | miqrogroove | New Issue | |
| 2008-08-10 14:39 | miqrogroove | Original Reporter | => HoodedMan |
| 2008-08-10 14:41 | miqrogroove | Severity | minor => major |
| 2008-08-10 14:41 | miqrogroove | Status | new => confirmed |
| 2008-08-10 14:41 | miqrogroove | Projection | none => minor fix |
| 2008-08-10 15:05 | miqrogroove | Additional Information Updated | |
| 2008-08-10 15:19 | kuba1 | Note Added: 0000030 | |
| 2008-08-10 15:19 | kuba1 | Assigned To | => kuba1 |
| 2008-08-10 16:35 | miqrogroove | Note Added: 0000031 | |
| 2008-08-10 22:16 | miqrogroove | Original Reporter | HoodedMan => |
| 2008-08-10 22:16 | miqrogroove | Reporter | miqrogroove => HoodedMan |
| 2008-08-11 19:24 | kuba1 | SVN Revision | => 1237 |
| 2008-08-11 19:24 | kuba1 | Note Added: 0000032 | |
| 2008-08-11 19:24 | kuba1 | Additional Information Updated | |
| 2008-08-11 20:32 | miqrogroove | Note Added: 0000033 | |
| 2008-08-12 07:52 | kuba1 | Note Added: 0000034 | |
| 2008-08-12 10:50 | miqrogroove | Note Added: 0000035 | |
| 2008-08-12 22:06 | kuba1 | Note Added: 0000036 | |
| 2008-08-12 22:11 | kuba1 | Note Added: 0000037 | |
| 2008-08-12 22:45 | miqrogroove | Note Added: 0000038 | |
| 2008-08-16 14:46 | miqrogroove | Note Added: 0000039 | |
| 2008-08-16 16:06 | miqrogroove | Relationship added | related to 0000117 |
| 2008-08-16 16:06 | miqrogroove | Relationship deleted | related to 0000117 |
| 2008-08-16 16:06 | miqrogroove | Relationship added | child of 0000117 |
| 2008-08-16 17:59 | kuba1 | Note Added: 0000040 | |
| 2008-08-16 19:15 | miqrogroove | Additional Information Updated | |
| 2008-08-16 19:17 | miqrogroove | SVN Revision | 1237 => 1240 |
| 2008-08-16 19:17 | miqrogroove | Note Added: 0000041 | |
| 2008-08-16 19:17 | miqrogroove | Status | confirmed => resolved |
| 2008-08-16 19:17 | miqrogroove | Fixed in Version | => 1.9.11 |
| 2008-08-16 19:17 | miqrogroove | Resolution | open => fixed |
| 2008-08-16 23:35 | miqrogroove | Note Added: 0000043 | |
| 2008-08-16 23:35 | miqrogroove | Status | resolved => assigned |
| 2008-08-16 23:35 | miqrogroove | Resolution | fixed => reopened |
| 2008-08-16 23:35 | miqrogroove | Fixed in Version | 1.9.11 => |
| 2008-08-17 00:30 | miqrogroove | SVN Revision | 1240 => 1249 |
| 2008-08-17 00:30 | miqrogroove | Status | assigned => resolved |
| 2008-08-17 00:30 | miqrogroove | Fixed in Version | => 1.9.11 |
| 2008-08-17 00:30 | miqrogroove | Resolution | reopened => fixed |
| 2008-08-17 02:58 | miqrogroove | Tag Attached: API | |
| 2008-08-17 03:02 | miqrogroove | SVN Revision | 1249 => 1251 |
| 2008-08-17 03:02 | miqrogroove | Note Added: 0000044 | |
| 2008-08-22 03:39 | miqrogroove | Status | resolved => closed |
