[Tiki-devel] Token access and get_perm_object

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

When I use security tokens and allow a user token access, for example
to a specific blog post, tiki-view_blog_post.php calls
$tikilib->get_perm_object for the respective blog.

This itself is not an issue, but the problem is inside
$tikilib->get_perm_object there is a line:
$perms->setGroups($this->get_user_groups($user));. This basically
overrides what is done in lib/setup/perms.php where the token group
perms are set, so the perms being checked revert to the user's real
groups.

Is this line still needed?

If I comment out

// $perms->setGroups($this->get_user_groups($user));

all is well, but I am not sure if it is breaking anything where
perhaps the Groups are not set, e.g. if lib/setup/perms are not
executed. Is there a way to check if the Perms object already has
groups set? I was hoping to make it such that if it has been set that
it won't attempt to reset it here.

Or should I remove this and commit to trunk and hope nothing else breaks?

Nelson.

[Tiki-devel] Token access and get_perm_object

The Free / Libre / Open Source Web App with the most built-in features

[Tiki-devel] Token access and get_perm_object