Bug in User Access

Posted: 12 May 2011, 08:48
by xlerator
Phocadownload v2 RC2

It seems that access rights are checked at the single-file level, but access information is only available for the whole extension. So nobody except super users can edit files via the backend.

\administrator\components\com_phocadownload\controllers\phocadownloadfile.php

Code:

$user->authorise('core.edit', 'com_phocadownload.phocadownloadfile.'.$categoryId);

should be

Code:

$user->authorise('core.edit', 'com_phocadownload');

\administrator\components\com_phocadownload\views\phocadownloadfiles\tmpl\default.php

Code:

// fixed user access rights

/*
$canCreate	= $user->authorise('core.create', 'com_phocadownload.phocadownloadfile.'.$item->id);
$canEdit	= $user->authorise('core.edit', 'com_phocadownload.phocadownloadfile.'.$item->id);
$canCheckin	= $user->authorise('core.manage', 'com_checkin') || $item->checked_out==$user->get('id') || $item->checked_out==0;
$canChange	= $user->authorise('core.edit.state', 'com_phocadownload.phocadownloadfile.'.$item->id) && $canCheckin;
$canEditCat	= $user->authorise('core.edit', 'com_phocadownload.phocadownloadcat.'.(int)$item->category_id);
*/

$canCreate	= $user->authorise('core.create', 'com_phocadownload');
$canEdit	= $user->authorise('core.edit', 'com_phocadownload');
$canCheckin	= $user->authorise('core.manage', 'com_checkin') || $item->checked_out==$user->get('id') || $item->checked_out==0;
$canChange	= $user->authorise('core.edit.state', 'com_phocadownload') && $canCheckin;
$canEditCat	= $user->authorise('core.edit', 'com_phocadownload');

etc.
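
The behaviour reported in the post above, as an added example that is not part of the original post and not Phoca Download or Joomla code: a simplified model of asset-based permission checks in which rules are stored only for the component asset. The function names, the `Manager` group, and the item id are hypothetical.

```php
<?php
// Simplified model of asset-based permission checks. This is NOT Joomla's
// JUser::authorise(); function names and data below are hypothetical.

// Constructed sample data: rules are stored only for the component asset.
$rules = [
    'com_phocadownload' => [
        'core.edit'   => ['Manager' => true],
        'core.create' => ['Manager' => true],
    ],
];

// Strict check: an asset with no rules record grants nothing.
function authoriseStrict(array $rules, array $user, string $action, string $asset): bool
{
    if ($user['super']) {
        return true; // super users bypass per-asset rules
    }
    foreach ($user['groups'] as $group) {
        if (!empty($rules[$asset][$action][$group])) {
            return true;
        }
    }
    return false;
}

// Fallback check: walk up the dotted asset name to the nearest ancestor
// that has rules, then evaluate the action there.
function authoriseWithFallback(array $rules, array $user, string $action, string $asset): bool
{
    while (!isset($rules[$asset]) && ($pos = strrpos($asset, '.')) !== false) {
        $asset = substr($asset, 0, $pos);
    }
    return authoriseStrict($rules, $user, $action, $asset);
}

$manager = ['super' => false, 'groups' => ['Manager']];
$admin   = ['super' => true,  'groups' => []];
$item    = 'com_phocadownload.phocadownloadfile.42'; // constructed item id

// Per-file asset with no rules record, checked for a non-super user
var_dump(authoriseStrict($rules, $manager, 'core.edit', $item));
// Same asset, super user
var_dump(authoriseStrict($rules, $admin, 'core.edit', $item));
// Component-level asset, as in the change proposed in the post
var_dump(authoriseStrict($rules, $manager, 'core.edit', 'com_phocadownload'));
// Per-file asset name resolved to the nearest ancestor that has rules
var_dump(authoriseWithFallback($rules, $manager, 'core.edit', $item));
```

The fallback variant keeps the per-file asset name in the call, so item-level rules would take effect if they were ever stored, while still resolving to the component rules when they are not.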

Re: Bug in User Access

Posted: 17 May 2011, 12:17
by Jan
Hi, thank you for this info, I will take a look at it.

Jan

Re: Bug in User Access

Posted: 16 Jun 2011, 23:49
by Jan
Fixed in 2 stable