Re: [Rainbowportal-devel] Bug while more then one Tabs module in a single portal.
Brought to you by:
danijel_kecman,
manudea
From: Chris F. <ch...@cf...> - 2004-12-03 17:29:02
|
Manu, I reported this one to the bug tracker so I'll explain. Why did I have 2 tabs modules? Because I was playing with the arrangement of my admin area. I had one on the admin home page that I was still using and then had one on admin this->tabs subtab. If this bug is not fixed then I do not think you can even move the tabs module. You would have to either have 2 tabs modules or 0 at the same time to accomplish a move and I don't think either is allowed. Chris Farrell At 06:02 PM 12/3/2004 +0100, you wrote: >Ok.. let's think simple: >- the bug occus only on tabs module >- it is enough have access to one of the modules to be allowed to >change the tabs... >TOP 1 works and at first sight not expose any security risk IMHO. >Would be different if the module can be any, but this is not the case. > >Just for curiosity: why you need 2 tab controls on same site? > >Manu > > >On Sat, 4 Dec 2004 00:53:53 +0800, yiming <xuy...@se...> wrote: > > > > > > > > There's a bug I found here: > > > > > > > > *How to produce the bug: > > > > If you add 2 Tabs modules in a single portal, > > > > and login to the portal, you will receive server error message > > > > because of the bug. > > > > > > > > The bug is all about rb_FindModuleByGuid procedure, which was > > > > generated at 1.4.0.1784.sql. > > > > > > > > *What does make this bug: > > > > While the HeaderMenu try to find out if the user logged in has > > > > security access of changing tab contents. > > > > It calls functions by the following order: > > > > > > > > 1--HeaderMenu.cs(374):function DataBind() > > > > 2--ModulesDB.cs(1105):function FindModuleByGuid() > > > > 3--1.4.0.1784.sql:rb_FindModuleByGuid > > > > > > > > You may read the line after DataBind() of HeaderMenu calling > > FindModuleByGuid(), > > > > > > > > if ((ShowTabMan) && > > (PortalSecurity.HasEditPermissions(TabModuleID) == true)) > > > > > > > > It checks if there is a TabModuleID returned, and this user has permission > > to use it. > > > > > > > > ** We shouldn't assume there is one, or there is only one module of some > > Guid. > > > > ** That is, there could be zero, one, or many. > > > > > > > > And there's one thing I found, the function FindModuleByGuid() and > > rb_FindModuleByGuid > > > > wasn't used in anywhere else. That made it easier to fix this bug. > > > > > > > > *What's the problem with rb_FindModuleByGuid > > > > Read the following SQL Code: > > > > > > > > SELECT > > > > @ModuleID = > > > > ( > > > > SELECT rb_Modules.ModuleID > > > > FROM rb_Modules > > > > INNER JOIN rb_ModuleDefinitions ON rb_Modules.ModuleDefID = > > rb_ModuleDefinitions.ModuleDefID > > > > WHERE (rb_ModuleDefinitions.PortalID = @PortalID) AND > > (rb_ModuleDefinitions.GeneralModDefID = @guid) > > > > ) > > > > GO > > > > > > > > The problem is: there could be more then one Module selected, > > > > and you can't assign a value into @ModuleID if there're more then one row > > returned. > > > > > > > > *What do I do now? > > > > > > > > I'm not sure about how to solve thid problem. For temporary, I add > > > > "Top 1" in the Select command of rb_FindModuleByGuid, but it's not the way > > to be. > > > > > > > > What if there're no ModuleID returned? > > > > What if the access rights are different between modules of same Guid? > > > > > > > > I can make the fix if someone tells me the solution to be. > > > > But I need some advise, please give me one. > > > > > > > > yiming > > >------------------------------------------------------- >SF email is sponsored by - The IT Product Guide >Read honest & candid reviews on hundreds of IT Products from real users. >Discover which products truly live up to the hype. Start reading now. >http://productguide.itmanagersjournal.com/ >_______________________________________________ >Rainbowportal-devel mailing list >Rai...@li... >https://lists.sourceforge.net/lists/listinfo/rainbowportal-devel |