#223 $auth('only_admin_can_*) variables ignored

Minor
closed
MRBS (194)
5
2012-08-01
2011-10-05
karcher
No

MRBS Version: 1.4.7
Apache: 2.0.63
PHP. 5.2.13
MySQL 5.1.46
Server: HP OpenVMS on Itanium

Setting these variables to FALSE (as in the default configuration) means they are actually TRUE because of the use of empty in a test like this:

$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);

The empty function returns TRUE if the variable is 0, FALSE or not set, If the test was changed to:

$repeats_allowed = $is_admin || $auth['only_admin_can_book_repeat']

This would give the desired results whether the variable is FALSE or not set.

There are 5 cases of these tests in the code: 3 in edit_entry.php, 1 in edit_entry_handler.php and 1 in view_entry.php

Discussion

  • Mmmm - I'm not so sure. The intended result is that if $auth['only_admin_can_book_repeat'] is true, then only admins can book repeats. So the code is saying that repeats are allowed if you're an admin (when you can do anything) or else you're not an admin and it is not true that only admins can book repeats.

    So I think the code is OK as it stands?

    Campbell

     
  • karcher
    karcher
    2011-10-05

    Out of the box, with these variables at the default (FALSE) you can't book repeating meetings unless you are an admin. Consider this:

    So setting:

    $auth['only_admin_can_book_repeat'] = FALSE

    will never have any effect since empty will return TRUE.

     
  • I've just tested this and it works as expected.

    The code is

    $repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);

    So as empty($auth['only_admin_can_book_repeat']); returns TRUE - as you say - when the config variable is set to FALSE, $repeats_allowed is TRUE and so you can book repeats.

    Campbell

     
  • karcher
    karcher
    2011-10-05

    Ah yes, it does in fact work. My testing was trying to change a booking to repeating but another use had created it.

    Sorry to waste everyone's time.

     
  • OK - no problem!

    Campbell

     
  • John Beranek
    John Beranek
    2012-08-01

    • status: open --> closed
    • assigned_to: Campbell Morrison
     


Anonymous


Cancel   Add attachments