Posted by tunny on January 16, 2012 at 5:27pm
6 followers
| Project: | Secure Permissions |
| Version: | 6.x-1.6 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | reviewed & tested by the community |
Issue Summary
If a role does not have any permissions set, it prevents other roles (that come after it in alphabetical order) from having their permissions set correctly.
To test setup an 'aardvark' role and don't assign it any permissions.
Line 197 in secure_permissions_build_permissions() appears to be at fault. It stops it looping if a role has doesn't have any permissions set.
Comments
#1
Since this can be mitigated (by setting a permission), I don't see it as critical.
I wrote this module to prove a point. It needs a new maintainer.
Patches welcome.
#2
Patch attached.
This works for me. However it will need double checking.
If a role isn't defined in the exported settings, it will now lose all its permissions. Is this correct behaviour?
#3
Probably. Given that exporting an empty role would be a destructive act.
#4
We've been using this in production for a few months now without any issues.
If someone else wants to review then I'll commit it.
#5
Patch looks fine to me.
#6
Ran into the same problem for the Drupal 7 1.5 version of the module.
Here is a patch for that.
#7
Typo in previous patch, this fixes that.