search

tingobol / yii-rights

Automatically exported from code.google.com/p/yii-rights
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

Pre-action filtering fails with case insensitive urls #64

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. set 'caseSensitive' to false in your urlManager config
2. make sure you are not logged in as a super user
3. navigate to a controller with two words, like FooBar, or an action with two 
words
(note: the controller you choose must use the rights filter, have an operation 
defined, and the operation must be assigned to the role or user you are testing 
with)

What is the expected output? What do you see instead?
Expected:  access checks pass
Actual:  all access checks fail (except super user of course)

What version of the product are you using? On what operating system?
rights 1.3.0, yii 1.1.8, php 5.3.8, Mac OS X 10.6.8

Please provide any additional information below.
I found that the controller IDs and action IDs are affected by the character 
case in the URL.  After reviewing the code that generates operations and tasks, 
I updated the pre-filter code to append the proper case controller and action 
ids to the authorization item name.  This works well for all URLs.  My patch is 
attached.

Original issue reported on code.google.com by ks...@qualys.com on 28 Sep 2011 at 5:56

Attachments:

GoogleCodeExporter commented 9 years ago 
Here is the correct patch.

Original comment by ks...@qualys.com on 28 Sep 2011 at 6:04

Attachments: