Welcome to Geeklog Monday, October 21 2019 @ 01:28 pm EDT

Geeklog Forums

Trouble with Poll Admins


lopez

Anonymous
I'm trying to set up a couple of users at my geeklog site so they can create new polls. So far I've been unsuccessful. I assigned the users to the Poll Admin group, and they are able to edit existing polls, but when they try to create a new poll, they get this error:

Edit Poll
Access Denied

You are trying to access a poll that you don't have rights to. This attempt has been logged. Please go back to the poll administration screen.

Edit Poll
Access Denied

You are trying to access a poll that you don't have rights to. This attempt has been logged. Please go back to the poll administration screen.

Yes, that error is repeated. It's nested, too. Any idea what's going on? I can add new polls from my user name, which is assigned to all groups (root as well.)

thanks, jon


Status: offline

Tony

Site Admin
Admin
Registered: 17/12/01
Posts: 405
Location:Urbandale, Iowa
What rights does your Poll Admin group have for rights? At the top of admin/poll.php there is a call to SEC_hasRights(). That will check if the user has the right(s) needed to access the poll admin page. In this case, you need to make sure your Poll Admin group has access to the poll.edit right (via the group admin screen). Without it , the user can't use the poll administration page. ----- The reason people blame things on previous generations is that there's only one other choice.
The reason people blame things on previous generations is that there's only one other choice.

Status: offline

Tony

Site Admin
Admin
Registered: 17/12/01
Posts: 405
Location:Urbandale, Iowa
You problem is in editPoll in admin/poll.php after the call to SEC_hasAccess() put this: COM_errorLog('access is ' . \$access); Then check to see what this prints in your error.log ----- The reason people blame things on previous generations is that there's only one other choice.
The reason people blame things on previous generations is that there's only one other choice.

lopez

Anonymous
First, I had to remove the \ from that code, because it didn't work otherwise. But, with COM_errorLog('access is ' . $access); I get: 03/06/02 15:14:26 - access is This is with a brand-new user I created and assigned to the "Poll Admin" group.

Status: offline

Tony

Site Admin
Admin
Registered: 17/12/01
Posts: 405
Location:Urbandale, Iowa
hmm, well, you'll have to debug why $access is empty. It should return something for you. ----- The reason people blame things on previous generations is that there's only one other choice.
The reason people blame things on previous generations is that there's only one other choice.

lopez

Anonymous
This is really interesting ... In SEC_hasAccess I put some COM_errorLogs to see what was going on. When SEC_hasAccess gets called from anywhere except for poll_edit as a user who belongs to the Poll Admin group, I see valid entries for $uid, $group_id, $owner_id and $perm_members. In these instances, SEC_hasAccess works properly. When SEC_hasAccess gets called from poll_edit, however, I get a valid $uid, but those three other variables are all blank. SEC_hasAccess returns $perm_members, and since it is blank, the poll can't be edited. I suspect this is because $qid is blank, and SELECT * FROM pollquestions WHERE qid = ''; returns 0 records. Since $question consists of an empty recordset, $perm_members and the other variables are also blank. When I do this as root user, it always returns 3, because of that root check at the top of SEC_hasAccess.

All times are EDT. The time is now 01:28 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content