Wrong user permission checking when assign a group role [#495062]

Hi,

I'm not sure whether is it a bug or not. Here is the situation:
- autoassign a user role when create a new group (ex GroupAdminRole)
- only the GroupAdminRole role has the permission of 'configure member roles'
- somebody join to the group
- the group's owner wants to assign additional roles to the group's members
- error: the 'og/users/%gid/roles' page is not allowed for the groups's owner because the user hasn't got the permission by any general role (via user_access)

I guess the right way would be to check whether the user has the 'configure member roles' permission in that certain group. (Since og user roles related to certain og groups.)

Here is my working patch:
(I wanted to send you a real patch file but there is some font encoding problem in the code's cvs checkout version. I use utf8 with unix new line chars.)

//file : og_user_roles.module - line: 968

function og_user_roles_is_allowed($nid) {
  $node = node_load($nid);
  if (in_array($node->type, og_get_types('group')) && variable_get("og_user_roles_roles_$node->type", NULL) && user_access('configure member roles')) {
    return TRUE;
  }
  else {
    return FALSE;
  }
}

What do you think?

Best regards,
Peter

Comments

Comment #1

itarato CreditAttribution: itarato commented 18 June 2009 at 09:21

Sorry, I pasted the original code, here you are my version:

function og_user_roles_is_allowed($nid) {
  global $user;

  $node = node_load($nid);
  if (in_array($node->type, og_get_types('group')) && variable_get("og_user_roles_roles_$node->type", NULL) && og_user_roles_user_access('configure member roles', $nid, $user->uid)) {
    return TRUE;
  }
  else {
    return FALSE;
  }
}

Comment #2

sun

German

Karlsruhe

CreditAttribution: sun commented 5 December 2009 at 18:03

Status:

Needs review

» Closed (won't fix)

With the rise of the rewritten OGUR 4.x for Drupal 6, in which many unrelated features of OGUR were removed, and nearing a release of Drupal 7, I'm closing down old issues.