search

tpokorra / KolabScripts

some scripts useful for Kolab3 and higher, written by TBits.net, including patches already submitted to Kolab Bugzilla
14 stars 13 forks source link

Domain Admin Permissions are cached without permissions #81

Open tpokorra opened 6 years ago

tpokorra commented 6 years ago

we have had a test case with a domain admin, that was not able to add users. only read on domain.

lib/api/kolab_api_service_user.php, function capabilities:

should have been:

[ERROR] rights: Array
(
    [add] => w
    [delete] => w
    [edit] => w
    [info] => r
    [find] => r
    [userreport] => r
    [adminreport] => r
    [effective_rights] => r
)

but was:

[ERROR] rights: Array
(
    [info] => r
    [find] => r
    [userreport] => r
    [adminreport] => r
    [effective_rights] => r
)

see caching in lib/Auth/LDAP.php, function effective_rights

tpokorra commented 6 years ago

I have noted this already in https://github.com/TBits/KolabScripts/issues/67#issuecomment-228343610