Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#1897 image gallery: permissions for the galleries

BRANCH-1-8_(CVS)
closed
5
2005-03-11
2005-03-04
Martijn Broos
No

Hi,

I found a little problem with the settings of permissions
in the image gallery. I have Tikiwiki 1.8.5 running on
Windows with IIS and php 5. Mysql is version 1.3

When I do the following:
- I have 2 groups: Test_images and Test_no_images
- I create a new image gallery as the user 'Admin'
- Set the non-admin flag on for the gallery so other users
can see the gallery as well.
- Save the settings.
- Edit the permissions for the gallery and assign the
p_view_image_gallerie to Test_images.
- Logout and log in as the user from the group
Test_images:
- the image gallery can be seen and the link to open it
is enabled. When I click no error is given. It shows the
pictures.
- Log out and log in as the user from the group
Test_no_images:
- The image gallery can be seen and the link to open it
is enabled. When I click the error permission is denied
is given.

3 concerns with this behaviour:
- When I edit the file: tiki-galleries.php the following line:
$galleries = $tikilib->list_galleries($offset,
$maxRecords, $sort_mode, 'admin', $find);
to
$galleries = $tikilib->list_galleries($offset,
$maxRecords, $sort_mode, $user, $find);
all the galleries are still shown, although I would suspect
that only the galleries are shown where I have
permission for (this works that way with the file gallery
structure).
- When I dont have the 'p_view_image_gallery'
permission I would expect that the hyperlink to view the
gallery is not enabled.
- I cannot find the function structure in Tikiwiki:
$galleries = $tikilib->list_galleries($offset, $maxRecords,
$sort_mode, 'admin', $find); So I cannot debug further
what is wrong in this matter

kind regards,

Martijn Broos

Discussion

  • Logged In: YES
    user_id=784615

    The buttons are just associated with general perms and not
    with object perm.. There are a lot of place in tikiwiki
    like this. Before doing so, we have to check the perfs....
    It is really disturbing as at least you can access the gal

     
    • assigned_to: nobody --> sylvieg
    • status: open --> closed
     
  • Logged In: YES
    user_id=784615

    I thounght I closed this one yesterday. I backported what
    was existing in 1.9 in 1.8 as it mas done.