phpdevshell team mailing list archive
-
phpdevshell team
-
Mailing list archive
-
Message #01234
[Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases
Hey guys, in PHPDevShell V4 I have completely rewritten the UI, this
includes the tagger system. Tagging core stuff like menus, users and
groups is now an absolute pleasure. While rewriting the user management
UI, I realized we are duplicating the tagger system with Extra Groups
and Extra Roles. This is indeed where the complication starts creeping
in and also, this relationship is indeed overcomplicated as only a
primary group and role is necessary.
Tagging is much more powerful as one can tag groups to users, users to
group, menus to groups upon primary roles and groups. This will solve a
lot of headaches and explanations when it comes to permissions.
--
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to PHPDevShell.
https://bugs.launchpad.net/bugs/1117723
Title:
USER_getGroupsQuery and USER_getRolesQuery give back very wrong
results in some cases
Status in Open Source PHP RAD Framework with UI.:
Confirmed
Bug description:
Both methods are written without really taking into account that they
might be called to get informations about another user, not the logged
in one.
PHPDS->USER_getRolesQuery() checks $this->user->mergeRoles and
abandons further database checks if that field is not empty. It also
writes informations to $this->user->mergeRoles, so the results of the
first user checked by this query will be the only result given back by
it in future calls. And I'm pretty sure $this->user->mergeRoles should
return only current users roles.
PHPDS->USER_getGroupsQuery() does exactly the same with $this->user->mergeGroups, and further more it gives back the main group more than once (this is because $group_string will contain the main group after checking it for childs. $group_main shouln't be merged with $group_string after this).
Also, $group_array is an array resonse from a query. It should be extended with $group_array[] = array('user_group_id' => $group_main), not $group_array[$group_main] = array('user_group_id' => $group_main)
To test this just run $this->userGetRoles($userid) or
$this->userGetGroups($userid) for 2 different users.
To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/1117723/+subscriptions
References