[FIXED] Wrong permission check?

ggppdk
Offline
Administrator

10 years 2 months ago #49270 by ggppdk

Replied by ggppdk on topic Wrong permission check?

Hello

please give detailed instructions about steps to follow for replicating the problem,

i have not managed to replicate the issue

-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

jrodgar
Topic Author
Offline
Platinum Member

10 years 2 months ago #49319 by jrodgar

Replied by jrodgar on topic Wrong permission check?

User "Redactor" with create, edit and edit own permissions on CategoryA. No component permissions
User "Revisor", inherit "Redactor" permissions and add "Edit state" and "Edit state own" permissions on CategoryA. No component permissions

Redactor create article inside CategoryA
Revisor can´t publish article from inside the item form (he can from item list!)

You can also see the code I told and check the variable values

Unless otherwise indicated:
Joomla 3.8.1
Flexicontent 3.2.1.7

Please Log in or Create an account to join the conversation.

ggppdk
Offline
Administrator

10 years 2 months ago #49351 by ggppdk

Replied by ggppdk on topic Wrong permission check?

Hello

Revisor can´t publish article from inside the item form (he can from item list!)

i see, will test this

PS: can add the ACL privilege (component)
"Can request Approval for any item"

so if you
1. give the above privilege to your revisor

2. and also the ACL privilege (component)
Items (Frontend Content Lists): ignore view state

3. create a menu item to point to multi-category view (do not select any category) or to category view and also show
- State filter
- Category filter

this will make better frontend for your revisors ?

Please Log in or Create an account to join the conversation.

jrodgar
Topic Author
Offline
Platinum Member

10 years 2 months ago #49367 by jrodgar

Replied by jrodgar on topic Wrong permission check?

We have some flexicontent deploys but none of them use heavily a frontend edition, but I think I understand what you want to get, that way the editor could change between the categories he can access and request approval for whatever he wants

Unless otherwise indicated:
Joomla 3.8.1
Flexicontent 3.2.1.7

Please Log in or Create an account to join the conversation.

jrodgar
Topic Author
Offline
Platinum Member

10 years 2 months ago #49480 by jrodgar

Replied by jrodgar on topic Wrong permission check?

Anyway, the original bug is still on 1955. I have it hotfixed on local in the way I explain below, but I´m not sure if there is something I´m not taking into account

jrodgar wrote: Ok, here is the deal

code.google.com/p/flexicontent/ ... m.php#1288

That check is giving me problems, looks like is not checking properly that is empty when an object is being passed (see this stackoverflow.com/questions/9412 ... pty-in-php )

In my case, the problem appeared when a user, that have edit state permissions on the category item, tries to save the change state from "pending approval" to "published"

So the stack would be

items.php:save()

parentclassitem.php:getForm()( code.google.com/p/flexicontent/ ... em.php#971 )

parentclassitem.php:canEditState()

For example, when I change the problematic line ( code.google.com/p/flexicontent/ ... m.php#1288 ) with

tmpItem = (array)$item;
if ( empty($item) || empty($tmpItem))

It saves correctly (it seems correctly)

What do you think?

By the way:
PHP 5.4.31
Flexicontent 2.2.0 r1910
Joomla 3.2.4