From: <bra...@kr...> - 2012-07-10 22:33:52
|
Revision: 6838 Author: bradoaks Date: 2012-07-10 18:33:32 -0400 (Tue, 10 Jul 2012) Log Message: ----------- fixing bug with admin_users and admin_users_limited Modified Paths: -------------- trunk/krang/docs/changelog.pod trunk/krang/lib/Krang/Group.pm Modified: trunk/krang/docs/changelog.pod =================================================================== --- trunk/krang/docs/changelog.pod 2012-07-06 16:41:10 UTC (rev 6837) +++ trunk/krang/docs/changelog.pod 2012-07-10 22:33:32 UTC (rev 6838) @@ -40,6 +40,12 @@ =item * +Fixed bug where a user being in a group with admin_user_limited perms +would be given full admin_user access if they were in another group +with neither admin_user nor admin_user_limited perms. [Brad Oaks] + +=item * + Fixed bug where some publish time exceptions were being silently disguarded and the user would be left with a successful message even though the item was never published. [Michael Peters] Modified: trunk/krang/lib/Krang/Group.pm =================================================================== --- trunk/krang/lib/Krang/Group.pm 2012-07-06 16:41:10 UTC (rev 6837) +++ trunk/krang/lib/Krang/Group.pm 2012-07-10 22:33:32 UTC (rev 6838) @@ -1500,8 +1500,6 @@ my @admin_perms = qw( may_publish may_checkin_all - admin_users - admin_users_limited admin_groups admin_contribs admin_sites @@ -1520,22 +1518,11 @@ foreach my $admin_perm (@admin_perms) { my $admin_perm_method = $admin_perm; - if ($admin_perm eq "admin_users_limited") { + %levels = ( + 0 => 1, + 1 => 2 + ); - # admin_users_limited is opposite: 0 is higher perm than 1 - %levels = ( - 0 => 2, - 1 => 1 - ); - } else { - - # Everything else is normal - %levels = ( - 0 => 1, - 1 => 2 - ); - } - # Iterate through groups foreach my $group (@groups) { my $curr_permission_type = $admin_perm_access{$admin_perm}; @@ -1550,6 +1537,28 @@ } } + # Now consider admin_users and admin_users_limited since they matter as a pair + $admin_perm_access{'admin_users'} = 0; + $admin_perm_access{'admin_users_limited'} = 0; + foreach my $group (@groups) { + + # if find full access from this group, record it and quit looking + if ($group->admin_users() && !$group->admin_users_limited()) { + debug(sprintf 'the group [%s] gives us full admin_user permissions; no need to look further.', $group->name); + $admin_perm_access{'admin_users'} = 1; + $admin_perm_access{'admin_users_limited'} = 0; + last; + } + + # if find limited access, record it but keep looking + if ($group->admin_users() && $group->admin_users_limited()) { + $admin_perm_access{'admin_users'} = 1; + $admin_perm_access{'admin_users_limited'} = 1; + debug(sprintf 'the group [%s] gives us limited admin_user permissions; will keep looking for full.', $group->name); + next; + } + } + # Now that we have the table of admin_perm access levels, return results return $admin_perm_access{$admin_perm} if ($admin_perm); |