[Krang-CVS] [6838] fixing bug with admin_users and admin_users_limited

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 6838
Author:   bradoaks
Date:     2012-07-10 18:33:32 -0400 (Tue, 10 Jul 2012)
Log Message:
-----------
fixing bug with admin_users and admin_users_limited

Modified Paths:
--------------
    trunk/krang/docs/changelog.pod
    trunk/krang/lib/Krang/Group.pm

Modified: trunk/krang/docs/changelog.pod
===================================================================

--- trunk/krang/docs/changelog.pod	2012-07-06 16:41:10 UTC (rev 6837)
+++ trunk/krang/docs/changelog.pod	2012-07-10 22:33:32 UTC (rev 6838)
@@ -40,6 +40,12 @@
 
 =item *
 
+Fixed bug where a user being in a group with admin_user_limited perms
+would be given full admin_user access if they were in another group
+with neither admin_user nor admin_user_limited perms. [Brad Oaks]
+
+=item *
+
 Fixed bug where some publish time exceptions were being silently
 disguarded and the user would be left with a successful message even
 though the item was never published. [Michael Peters]

Modified: trunk/krang/lib/Krang/Group.pm
===================================================================
--- trunk/krang/lib/Krang/Group.pm	2012-07-06 16:41:10 UTC (rev 6837)
+++ trunk/krang/lib/Krang/Group.pm	2012-07-10 22:33:32 UTC (rev 6838)
@@ -1500,8 +1500,6 @@
 
     my @admin_perms = qw( may_publish
       may_checkin_all
-      admin_users
-      admin_users_limited
       admin_groups
       admin_contribs
       admin_sites
@@ -1520,22 +1518,11 @@
     foreach my $admin_perm (@admin_perms) {
         my $admin_perm_method = $admin_perm;
 
-        if ($admin_perm eq "admin_users_limited") {
+        %levels = (
+            0 => 1,
+            1 => 2
+        );
 
-            # admin_users_limited is opposite: 0 is higher perm than 1
-            %levels = (
-                0 => 2,
-                1 => 1
-            );
-        } else {
-
-            # Everything else is normal
-            %levels = (
-                0 => 1,
-                1 => 2
-            );
-        }
-
         # Iterate through groups
         foreach my $group (@groups) {
             my $curr_permission_type = $admin_perm_access{$admin_perm};
@@ -1550,6 +1537,28 @@
         }
     }
 
+    # Now consider admin_users and admin_users_limited since they matter as a pair
+    $admin_perm_access{'admin_users'} = 0;
+    $admin_perm_access{'admin_users_limited'} = 0;
+    foreach my $group (@groups) {
+
+        # if find full access from this group, record it and quit looking
+        if ($group->admin_users() && !$group->admin_users_limited()) {
+            debug(sprintf 'the group [%s] gives us full admin_user permissions; no need to look further.', $group->name);
+            $admin_perm_access{'admin_users'} = 1;
+            $admin_perm_access{'admin_users_limited'} = 0;
+            last;
+        }
+
+        # if find limited access, record it but keep looking
+        if ($group->admin_users() && $group->admin_users_limited()) {
+            $admin_perm_access{'admin_users'} = 1;
+            $admin_perm_access{'admin_users_limited'} = 1;
+            debug(sprintf 'the group [%s] gives us limited admin_user permissions; will keep looking for full.', $group->name);
+            next;
+        }
+    }
+
     # Now that we have the table of admin_perm access levels, return results
     return $admin_perm_access{$admin_perm} if ($admin_perm);
 



