From: Nelson Ko <ne...@wo...> - 2012-07-19 21:23:16
|
Hi, When I use security tokens and allow a user token access, for example to a specific blog post, tiki-view_blog_post.php calls $tikilib->get_perm_object for the respective blog. This itself is not an issue, but the problem is inside $tikilib->get_perm_object there is a line: $perms->setGroups($this->get_user_groups($user));. This basically overrides what is done in lib/setup/perms.php where the token group perms are set, so the perms being checked revert to the user's real groups. Is this line still needed? If I comment out // $perms->setGroups($this->get_user_groups($user)); all is well, but I am not sure if it is breaking anything where perhaps the Groups are not set, e.g. if lib/setup/perms are not executed. Is there a way to check if the Perms object already has groups set? I was hoping to make it such that if it has been set that it won't attempt to reset it here. Or should I remove this and commit to trunk and hope nothing else breaks? Nelson. |