search

kumarsivarajan / yii-usergroups

Automatically exported from code.google.com/p/yii-usergroups
0 stars 0 forks source link

Unable to save other user/group permissions when logged in user only has userGroups.admin.write permissions #5

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1.Create an Yii web application
2.Install userGroups module
3.Login with root/admin user created during the userGroups module installation
4.Access Root Tools
5.Create a group with level 10 named test10
6.Create a group with level 20 named test20
7.Create a user with permissions "userGroups.admin.write" that belongs to group 
test20 named user1
7.Create a user that belongs to group test10 named user2
8.Login with user1
9.Access Root Tools and try to change the permissions of user user2 to include 
"userGroups.admin.write" 

What is the expected output?
The permissions are saved and and the userGroups/admin is reload

What do you see instead?
An PHP error message saying Undefined variable: element_id 
File -  protected\modules\userGroups\controllers\AdminController.php(195)
Line - $existing = 
UserGroupsAccess::model()->findAllByAttributes(array('element'=> 
(int)$formData['what'], 'element_id' => $element_id));

What version of the product are you using? On what operating system?
Yii 1.1.7
userGroups 1.6.3
Windows 7 Enterprise 64 bits
Xampp 1.7.4

Please provide any additional information below.
The variable element_id is only initialized if the user has 
userGroups.admin.admin permissions (check the line 161 and 188 on the 
AdminController

Original issue reported on code.google.com by artur.ol...@gmail.com on 20 Apr 2011 at 1:19

GoogleCodeExporter commented 8 years ago 
start investigation!

Original comment by nic...@creationgears.com on 20 Apr 2011 at 1:24

GoogleCodeExporter commented 8 years ago 
fixed

Original comment by nic...@creationgears.com on 20 Apr 2011 at 2:09

GoogleCodeExporter commented 8 years ago 
Nice work
The problem is fixed with v 1.6.4 however the version in the configuration 
database table was not updated. 
Could please help

Original comment by artur.ol...@gmail.com on 20 Apr 2011 at 7:45

GoogleCodeExporter commented 8 years ago 
i know, right now it's not actually doing an update on the db... when i'll be 
doing a proper update page there will be one

Original comment by nic...@creationgears.com on 21 Apr 2011 at 10:25

GoogleCodeExporter commented 8 years ago 
After some more testing i realized that the problem was not completely solved.
If changing a user's permissions another problem appears.
Your fix is not good.
Try:
                if (!isset($element_id)) {// fix for users with no admin permissions //OLIVEIRAA - ADDED OPEN BRACKET
                    if ((int)$formData['what'] === UserGroupsAccess::GROUP) { //OLIVEIRAA - ADDED
                        $element_id = UserGroupsGroup::model()->findByPk((int)$formData['id'])->id;
                    } else if ((int)$formData['what'] === UserGroupsAccess::USER) { //OLIVEIRAA - ADDED
                        $element_id = UserGroupsUser::model()->findByPk((int)$formData['id'])->id; //OLIVEIRAA - ADDED
                    } //OLIVEIRAA - ADDED
                }

Original comment by artur.ol...@gmail.com on 25 Apr 2011 at 10:52