Closed steverowling closed 8 years ago
Might have missed some parts when designing the user group exporting. This fix might end up being part of the migration update.
Should be part of the latest commit on the hotfix branch if you want to test it out.
Just tested the hot-fix/1.5.4 branch.
The categories are now exporting with handles rather than ids now, thanks.
However, I've now noticed that the createSubfoldersInAssetSource
permission is not linked to the assetSources
part of the JSON, but instead appears in the sections
part. Example below:
{
"userGroups": [
{
"name": "Test Group",
"handle": "testGroup"
}
],
"userGroupPermissions": [
{
"handle": "testGroup",
"permissions": {
"general": [
"registerUsers",
"assignUserPermissions",
"administrateUsers",
"editUsers",
"editLocale:en_gb_site1",
"editLocale:en_gb_site2"
],
"assetSources": {
"acUserTaskFiles": [
"uploadToAssetSource",
"removeFromAssetSource",
"viewAssetSource"
]
},
"sections": {
"0": [
"createSubfoldersInAssetSource"
]
},
"categories": {
"acCustomCategories": [
"editCategories"
]
}
}
}
]
}
Didn't see you were online on craft slack so pushed the version thinking you would check tomorrow.
I started a new hotfix branch fixing this.
When exporting User Groups, the permissions relating to category groups refer to the ids of the category groups. This is obviously dependent on adding category groups in the same order in installs that you wish to transfer User Group permissions between. This is inherently problematic as the chances of this happening are very slim.
Since fields and sections use handles when importing/exporting, they don't suffer from this vulnerability. Would it be possible to use the same technique for User Group permissions too?