Hi Nathalie,

I was talking about the repository users subtree. Apparently there is also a users_subtree in the user application :) And yes, it seems that it always returns true. Sorry for the mix-up.

I agree with your temporary solution, when we implement the new rights everywhere we could look into other possibilities (speed shouldn't be an issue then).

Pieterjan

On 9/06/11 13:11, Nathalie Blocry wrote:
Hi PJ,

I can do all the actions with any user, including the anonymous one.

e.g. the creator component does check whether a user has the create
right at the beginning of the run function:
  if (!UserRights :: is_allowed_in_users_subtree(UserRights :: ADD_RIGHT, 0))
  {
      $this->display_header();
      Display :: warning_message(Translation :: get('AlreadyRegistered'));
      $this->display_footer();
      exit();
  }

but the function called always returns true:

static function is_allowed_in_users_subtree($right, $location)
{
    return true; // short-circuits here, so the real check below is never reached
    return RightsUtilities :: is_allowed($right, $location, self :: TYPE_USER, UserManager :: APPLICATION_NAME, null, 0, self :: TREE_TYPE_USER);
}

I have deleted the user-package completely and downloaded it again
through the phing script to make sure I have the latest code, but the
problem is still the same.

Am I missing something?

I propose for now replacing UserRights ::
is_allowed_in_users_subtree(UserRights :: ADD_RIGHT, 0) by
$user->is_platform_admin, but since there was talk about allowing things
like subadmins etc., this does limit the possibilities.


On 06/09/2011 12:46 PM, Pieterjan Broekaert wrote:
Hello Nathalie,

The user_subtree is a tree for every user, that contains their
repository categories and content objects. In that tree you can check
if a user has rights on another users categories/content (not if a
user can access an admin component).
The is_allowed_in_users_subtree method is currently used for the share
rights. It only returns true when you have the right or you are a
platform admin. Did you test as platform admin? Or as an anonymous user? (I
haven't really tested the behaviour of the anonymous user.)

For now I would only check is_platform_admin. If needed we can create
a tree for the admin components and give the possibility to set custom
rights.

Pieterjan


On 9/06/11 12:13, Nathalie Blocry wrote:
Hi all,

I was checking what an anonymous user can do and I found that it is
possible for any user to view, delete and create platform users.
I thought it was simply a matter of implementing an "is allowed check"
in all the components, but when I wanted to do that I saw that it had
already been implemented, but was "turned off" some months ago for
speed issues.

Now every component does a check with the is_allowed_in_user_subtree
method BUT the method always returns true.

My question is: should this be re-implemented again with use of the
complete rights system (like it was, but it must have been turned off for
a reason), or should I just do a check on is_platform_admin without the
possibility of ever giving the creation, editing, ... right to
anybody else?

Nathalie

_______________________________________________
Dev mailing list
Dev@lists.chamilo.org
http://lists.chamilo.org/listinfo/dev
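As an added example (not Chamilo's code and not from anyone in the thread), the stubbed check described above beside a fail-closed version, with a small regression check that reports which callers the stub wrongly admits. RightsBackend, UserRightsExample and the ADD_RIGHT value are assumptions standing in for the real classes.

```php
<?php
// Added example, not Chamilo code. Assumes PHP 8, a $user object exposing the boolean
// is_platform_admin property named in the thread, and a hypothetical RightsBackend
// standing in for RightsUtilities::is_allowed. Anonymous callers are passed as null.
declare(strict_types=1);
interface RightsBackend {
    public function isAllowed(int $right, int $location, object $user): bool;
}

final class UserRightsExample {
    public const ADD_RIGHT = 1; // constructed value; the real constant is not on the page
    public function __construct(private RightsBackend $backend) {}
    // The stubbed form the thread describes: the early return makes every caller,
    // anonymous included, "allowed"; whatever follows it is unreachable.
    public function isAllowedStubbed(int $right, int $location, ?object $user): bool {
        return true;
    }

    // Fail-closed form: anonymous is denied, platform admins pass, everyone else is
    // decided by the rights tree (the interim proposal is this without the last line).
    public function isAllowed(int $right, int $location, ?object $user): bool {
        if ($user === null) {
            return false;
        }
        if ($user->is_platform_admin === true) {
            return true;
        }
        return $this->backend->isAllowed($right, $location, $user);
    }
}

// Regression check a component could ship with: a backend that grants nothing, so only
// the platform-admin branch may ever return true. Returns the names of the failed cases.
function regressionFailures(UserRightsExample $rights, string $method): array {
    $admin  = (object) ['is_platform_admin' => true];
    $member = (object) ['is_platform_admin' => false];
    $cases  = [
        'anonymous denied' => $rights->$method(UserRightsExample::ADD_RIGHT, 0, null) === false,
        'non-admin denied' => $rights->$method(UserRightsExample::ADD_RIGHT, 0, $member) === false,
        'admin allowed'    => $rights->$method(UserRightsExample::ADD_RIGHT, 0, $admin) === true,
    ];
    return array_keys(array_filter($cases, fn(bool $ok): bool => !$ok));
}

$rights = new UserRightsExample(new class implements RightsBackend {
    public function isAllowed(int $right, int $location, object $user): bool { return false; }
});
print_r(['fail-closed' => regressionFailures($rights, 'isAllowed'),        // correct check
         'stubbed'     => regressionFailures($rights, 'isAllowedStubbed')]); // stub from the thread
```

Run with `php example.php`; the stubbed entry lists every non-admin case it wrongly admits, which is the check that would have caught the regression when the method was turned off.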
