User with permission tiki_p_edit in a certain categorie is not allowed to add a page in a structure assigned to that structure.
- Status
- Open
- Subject
- User with permission tiki_p_edit in a certain categorie is not allowed to add a page in a structure assigned to that structure.
- Version
- 6.x
- Category
- Conflict of two features (each works well independently)
- Feature
- Category
Wiki Structure (book & table of content) - Lastmod by
- fhkd
- Rating
- Description
I defined a category Helpdesk and assigned it to a structure Helpdesk FAQ.
Also i defined a group Helpdeskadmin, which useres should be able to add new pages to the structure.
Now if a helpdeskadmin try to Add a page to the structure (with the button on the top of the wikipage with the toc), he must have global permission tiki_p_edit, not only for that categorie.
My analysis:In tiki-editpage.php there are to permission tests:
First:
// Permissions
$tikilib->get_perm_object($page, 'wiki page', $info, true);
if ($tiki_p_edit !== 'y') {
...
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to edit this page."));
$smarty->display("error.tpl");
die;
}Second:
//Is new page to be inserted into structure?
if $_REQUEST%22current_page_id%22 {
...
$structure_info = $structlib->s_get_structure_info($_REQUEST'current_page_id');
if ( ($tiki_p_edit != 'y' && !$tikilib->user_has_perm_on_object($user,$structure_info%22pageName%22,'wiki page','tiki_p_edit')) || $tiki_p_edit_structures != 'y' && !$tikilib->user_has_perm_on_object($user,$structure_info%22pageName%22,'wiki page','tiki_p_edit_structures' ) ) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to edit this page."));
$smarty->display("error.tpl");
die;
}The first one is the problem becaus it asks only for globel permission, i think.
- Solution
- Perhaps the first permission test can also ask for the permission defined in structure or categorie?
- Priority
- 25
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Version: Create show2.tiki.org instanceAbout show2.tiki.orgTo help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
- Created
- Thursday 29 September, 2011 11:10:15 GMT-0000
by fhkd - LastModif
- Thursday 29 September, 2011 12:03:24 GMT-0000
Attachments
| filename | created | hits | comment | version | filetype | ||
|---|---|---|---|---|---|---|---|
| No attachments for this item | |||||||
;){kind=link}
;){kind=link}
- Kanban plugin; the Swimlane field throw an error if using a category field type
- Kanban plugin: Error if the fields Description and Swimlane are empty
- Race condition: Sessions stored in the database and Cypht
- Tracker, validation; Editing an existing item with a validation option set as distinct failed (considered a new item)
- Helper icons, buttons and short labels should be kept on the same line as the setting widget being edited (don't do wrapping), to avoid looking broken and having uneven row heights
;){kind=link}
;){kind=link}