Welcome to Geeklog, Anonymous Tuesday, November 26 2024 @ 11:47 pm EST
Geeklog Forums
Possible bug with story privileges?
Status: offline
Cod
Forum User
Newbie
Registered: 04/08/04
Posts: 2
I recently downloaded and installed GeekLog 1.3.9. I set up my Admin account and my Moderator account and I added one further account, call it Bob for the sake of it, simply to add and edit stories.
In addition to the regular privileges I gave Bob the "Story Admin" privilege. I then sucessfully Bob to add a new story. However, I'd made a typo and when I tried to go back and edit the story I found I was denied access.
I had a look and found the following lines in "/path/to/geeklog/public_html/admin/story.php" (I've hacked around with the code a bit so the line numbers might be out by 1 or 2 lines):
lines 96 to 97 (inside function storyeditor($sid, $mode)):
$access = min($access, SEC_hasTopicAccess ($A['tid']));
and lines 1009 to 1010 (inside function deletestory($sid)):
$access = min($access, SEC_hasTopicAccess ($A['tid']));
I believe the problem was that the calls to min() should have been calls to max(). Bob had appropriate privileges to edit/delete his story, but because he wasn't in "Topic Admin" group the min() function reducing them with the result that access was forbidden.
Am I right in thinking that as a "story admin" member but not a "topic admin" member, Bob should be able to change his own stories but not other peoples'? I'm fairly new to GeekLog so I might have misunderstood the story/topic privilege system, but my fix seems to make things work the way I want them so perhaps it's all good. My GeekLog installation certainly seems to work now.
Hope this helps!
Cod
In addition to the regular privileges I gave Bob the "Story Admin" privilege. I then sucessfully Bob to add a new story. However, I'd made a typo and when I tried to go back and edit the story I found I was denied access.
I had a look and found the following lines in "/path/to/geeklog/public_html/admin/story.php" (I've hacked around with the code a bit so the line numbers might be out by 1 or 2 lines):
lines 96 to 97 (inside function storyeditor($sid, $mode)):
Text Formatted Code
$access = SEC_hasAccess($A['owner_id'], ... );$access = min($access, SEC_hasTopicAccess ($A['tid']));
and lines 1009 to 1010 (inside function deletestory($sid)):
Text Formatted Code
$access = SEC_hasAccess ($A['owner_id'], ... );$access = min($access, SEC_hasTopicAccess ($A['tid']));
I believe the problem was that the calls to min() should have been calls to max(). Bob had appropriate privileges to edit/delete his story, but because he wasn't in "Topic Admin" group the min() function reducing them with the result that access was forbidden.
Am I right in thinking that as a "story admin" member but not a "topic admin" member, Bob should be able to change his own stories but not other peoples'? I'm fairly new to GeekLog so I might have misunderstood the story/topic privilege system, but my fix seems to make things work the way I want them so perhaps it's all good. My GeekLog installation certainly seems to work now.
Hope this helps!
Cod
6
14
Quote
Status: offline
Turias
Forum User
Full Member
Registered: 10/20/03
Posts: 807
Ah okay - I hadn't thought about it like that. The obvious way of looking at it to me was that all articles were in a single "directory" but that they could be filtered according to topic. Now I've read the FAQ article I see that this is not the paradigm.
Many thanks for your time!
Dave
Cod
Many thanks for your time!
Dave
Cod
10
12
Quote
All times are EST. The time is now 11:47 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content