bogus permissions set when granting permissions to a new role

dman - July 26, 2009 - 15:34
Project: Patterns
Version: 6.x-1.x-dev
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed
Description

This one was frustrating.

When granting permissions to a role that didn't have any permissions at all - like a brand-new created one - that role was always being given access to the first perm on the global list (in my case 'administer blocks').

After a lot of trials and tracing, I found that at one point the code that looks up the 'previous' perms was, instead of returning an empty array, returning an array that looked like array(0 => '');
This somehow was making it through the system and marking checkbox #1 as active all the time.
Meh.

Here's the fix for that.

@@ -252,8 +252,11 @@ function user_patterns($op, $id = null,
         if (!$data['overwrite']) {
           $p = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $data['rid']));
           $p = explode(',', $p);
-          $p = array_map('trim', $p);
-          $perms = array_combine($p, $p);
+          $perms = array();
+          if (!empty($p)) {
+            $p = array_map('trim', $p);
+            $perms = array_combine($p, $p);
+          }
           if (!empty($perms)) {
             $data[$data['rid']] = array_merge($perms, $data[$data['rid']]);
           }
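
Review bot: the `!empty($p)` guard is tested after `explode(',', $p)`, and `explode()` on an empty string returns `array(0 => '')`, which is not empty, so the guard still passes for a role with no stored permissions and `array_combine()` builds `array('' => '')`. Test the `db_result()` value before exploding it, or drop blank entries with `array_filter()` after the `array_map('trim', $p)` line, so that `$perms` really stays `array()` in that case.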

Also, I find the XML/code to define 50 different permissions way too tedious and verbose to manage because I can't cut & paste it from anywhere.

 
<actions>
    <permissions role="authenticated user">
      <value>upload files</value>
      <value>view uploaded files</value>
      ...+ dozens and dozens
    </permissions>
</actions>

The doc says I can separate the values in one big string with commas (phew!) but still...
my lists (copied from PHP dumps) look like this:
<actions>
    <permissions role="authenticated user">
      <value>
        'create blog entries',
        'delete own blog entries',
        'edit own blog entries',
        'access comments',
        ...
        ..
      </value>
    </permissions>
</actions>

Note the quotes.
So I added an extra trim() onto the process to discard quotes too. This is closer to CSV support than the simple explode() that was there before.
-            $val = trim($value);
+            $val = trim(trim($value), '\'"');
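
Review bot: on the `+` line the inner `trim()` runs before the quotes are removed, so whitespace sitting inside the quotes survives, and a trailing comma in a pasted list like the one above still produces an empty `$val`. Consider a single call with a combined character list, `trim($value, " \t\n\r\0\x0B'\"")`, and skip the entry when `$val` is an empty string.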

Attachment: patterns-permissions_oddities.patch (1.29 KB)

#1

sarvab - July 28, 2009 - 09:08

Looking great. Thanks a lot! Committed.

#2

andrewlevine - September 28, 2009 - 21:24
Status: needs review » fixed

this was committed (see #1)

#3

System Message - October 12, 2009 - 21:30
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.

 
 
