Sort of.

1. I sign in as a non-root user with roles that give me full access to the Outline Designer.
2. I access the designer and load an outline (nothing happens if I just access the designer without picking an outline).
3. The next page load on the site is always as "Anonymous."

According to Watchdog logs, the authenticated session isn't actually officially closed, so I suspect that the Outline Designer code merely changes the current user ID to 0.
This happens pretty early on in the outline "editing" because Watchdog always logs Access Denied errors for outline_designer/ajax/get_icons.

I haven't yet tracked down where or why this is happening.

Comments

kopo88’s picture

Status: Active » Needs review

ajax.php, line 187:
}elseif($user->uid = $value['uid'] && user_access('edit own ' . $value['type'] . ' ' . $term)){

outline_designer.module, line 540:
}elseif($user->uid = $value['uid'] && user_access('edit own ' . $value['type'] . ' ' . $term)){

These should be:

$user->uid == $value['uid']

Even the great occasionally make typos, I'm afraid. :-)

Also, there seems to be a lot of refactoring that can be done in this module to avoid these repetitions.
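The effect of the `=` typo quoted in the comment above, as an added example (not Outline Designer code and not part of the original thread). Because `=` binds more loosely than `&&`, PHP assigns the boolean result of the whole right-hand side to `$user->uid`; when the permission check fails that value is `false`, which casts to 0, consistent with the "Anonymous" page loads in the report. `user_access_stub()` and all uid values are constructed stand-ins.

```php
<?php
// Added illustration. user_access_stub() is a hypothetical stand-in for
// Drupal's user_access(); the accounts and node below are constructed.

function user_access_stub(bool $granted): bool {
    return $granted;
}

// The condition as reported. PHP parses it as
//   $user->uid = ($value['uid'] && user_access(...))
// so the uid is overwritten with a boolean instead of being compared.
function buggy_check(object $user, array $value, bool $granted): bool {
    if ($user->uid = $value['uid'] && user_access_stub($granted)) {
        return true;
    }
    return false;
}

// The corrected condition: "==" compares and leaves $user untouched.
function fixed_check(object $user, array $value, bool $granted): bool {
    return $user->uid == $value['uid'] && user_access_stub($granted);
}

// Run one check against a fresh user object and report what happened to it.
function run_case(callable $check, bool $granted): array {
    $user  = (object) ['uid' => 42];           // constructed signed-in account
    $value = ['uid' => 7, 'type' => 'page'];   // constructed node owned by another account
    $allowed = $check($user, $value, $granted);
    return ['allowed' => $allowed, 'uid_after' => $user->uid];
}

foreach ([false, true] as $granted) {
    foreach (['buggy_check', 'fixed_check'] as $fn) {
        $r = run_case($fn, $granted);
        printf(
            "%-11s permission=%-5s allowed=%-5s uid_after=%s\n",
            $fn,
            var_export($granted, true),
            var_export($r['allowed'], true),
            var_export($r['uid_after'], true)
        );
    }
}
```

In the buggy rows `uid_after` is a boolean and the ownership comparison never takes place; in the fixed rows the uid is unchanged. A review check for this class of typo is to flag any assignment that appears inside an `if`/`elseif` condition.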

btopro’s picture

Assigned: Unassigned » btopro
Status: Needs review » Reviewed & tested by the community

oh dang! lol. I'll have to patch that right up and throw out a new version. Nice catch.

As for the Ajax.php file, it's old code that keeps getting added into new builds of the project. The beta version ran off of ajax.php and then I got help and pushed it to a function in the .module.

Nice find!

btopro’s picture

Version: 5.x-1.3-2 » 5.x-1.3-3
Status: Reviewed & tested by the community » Fixed

kopo88’s picture

Version: 5.x-1.3-3 » 5.x-1.4
Status: Fixed » Active

ajax.php is missing from the latest release. Users who untar the package and overwrite will not notice that ajax.php is not overwritten. The current version of ajax.php in CVS does not yet contain the fix.

btopro’s picture

Status: Active » Fixed

ajax.php is no longer used. It was historical (used in beta releases) but I took it out of 1.4 because people keep reporting on it and it's not used code anymore. The code in ajax.php is now included at the end of outline_designer.module as a menu location to make it easier to install. Upgrading fixes the issue and you can delete the old ajax.php file if you want to as it just sits there now.

btopro’s picture

Status: Fixed » Closed (fixed)