Home » Download » Modules » Apache Solr Search Integration » Issues

Acess control should be set to follow search module

kleung11 - August 25, 2008 - 04:12
Project:Apache Solr Search Integration
Version:6.x-1.x-dev
Component:Code
Category:feature request
Priority:minor
Assigned:JacobSingh
Status:closed
Description

Administering apache solr search is set to 'administer site configuration'. But since this module requires the search module and it has a more define set of search access control, it should be using that instead. I think it should be set to
'access' => user_access('administer search'),

on line 18 and 24 of apachesolr.module.

» Login or register to post comments

#1

JacobSingh - September 4, 2008 - 08:16

Agreed. Can you submit a patch for this?

Login or register to post comments

#2

kleung11 - September 4, 2008 - 19:39

Patch attached.

AttachmentSize
adminsearch.patch 1005 bytes
Login or register to post comments

#3

kleung11 - September 4, 2008 - 19:41
Status:active» needs review
Login or register to post comments

#4

JacobSingh - September 5, 2008 - 07:59
Status:needs review» patch (to be ported)

Hey folks,

I just committed this one because it was so trivial and obvious. Feel free to revert if there is any issue.

Thanks kleung!

Login or register to post comments

#5

robertDouglass - September 5, 2008 - 10:08

I'd feel best if we ported things like this immediately.

Login or register to post comments

#6

JacobSingh - September 5, 2008 - 12:58
Assigned to:Anonymous» JacobSingh
Login or register to post comments

#7

JacobSingh - September 6, 2008 - 08:36
Version:5.x-1.0-alpha3» 6.x-1.x-dev
Status:patch (to be ported)» fixed
Login or register to post comments

temp

Anonymous (not verified) - September 20, 2008 - 08:45

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments

temp

Anonymous (not verified) - September 20, 2008 - 08:53

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments

#8

Anonymous (not verified) - September 20, 2008 - 09:02
Status:fixed» closed

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments

#9

kleung11 - November 6, 2008 - 19:31
Version:6.x-1.x-dev» 5.x-1.x-dev
Component:User interface» Code
Status:closed» needs review

apache delete index should also check "administer search" instead. Trivial patch included.

AttachmentSize
access.patch 354 bytes
Login or register to post comments

#10

pwolanin - November 13, 2008 - 02:56

please post diffs in unified (-u) format

Login or register to post comments

#11

JacobSingh - June 23, 2009 - 04:00

I think we decided to go back to "administer site configuration" for the following reasons:

1. We don't want to require the search module at some point (although we still do).

2. Creating more perms is a PITA for new users.

That being said, I can see a use case where someone at an org can modify boosting params, but cannot see everyone's social security #s. SO I'm actually in favor of doing this.

I'll make a patch, but what do people think?

a). use administer search (thereby requiring search module as long as we do this).

b). use a new permission like "administer apachesolr"

c). leave it as is.

Best,
Jacob

Login or register to post comments

#12

pwolanin - June 24, 2009 - 14:15

Given that we depend on the search module, we should probably use 'administer search' for most of this. Possibly "delete index" should still be limited?

Login or register to post comments

#13

pwolanin - June 30, 2009 - 21:08
Version:5.x-1.x-dev» 6.x-1.x-dev
Category:bug report» feature request
AttachmentSize
access-299539-13.patch 6.17 KB
Login or register to post comments

#14

janusman - July 1, 2009 - 22:31
Status:needs review» needs work

Missed a line in apachesolr.admin.inc:

    // This form can't be seen by anyone without 'administer site configuration'

Otherwise, it works.

Login or register to post comments

#15

pwolanin - July 1, 2009 - 22:54
Status:needs work» fixed

fixed code comment. Committing to 6.x

AttachmentSize
access-299539-15.patch 7.2 KB
Login or register to post comments

#16

System Message - July 15, 2009 - 23:00
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.