Welcome to Geeklog Friday, September 25 2020 @ 11:26 pm EDT

Geeklog Forums

[Bug Fix] Story Admin editing own stories


Status: offline

THEMike

Forum User
Moderator
Registered: 25/07/03
Posts: 141
Location:Sheffield, UK
I think I've found a bug in Geeklog 1.3.8: If I grant a user 'Story Admin' and the user then writes a story and saves it as a draft, that user is unable to edit the story, they are presented with the error message:
Access Denied You are trying to access a story that you don't have rights to. This attempt has been logged. You may view the article in read-only below. Please go back to the story administration screen when you are done.
Checking the code out, story.php in the admin folder on lines 96 and 97 does:
PHP Formatted Code

$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
$access = min ($access, SEC_hasTopicAccess ($A['tid']));
 
If the author is Owner of the story, SEC_hasAccess returns 3 (Read/Edit), however, the author is not a Topic Admin, nor is the author owner of the topic that the story belongs to, so SEC_hasTopicAccess returns 2 (Read Only). This means that the Story Admin is unable to edit their own articles. Which kind of sucks IMHO. So the fix: Line 97:
PHP Formatted Code

$access = max ($access, SEC_hasTopicAccess ($A['tid']));
 
I beleive this is a bug, and the fix works, is there a reason you'd need to be a topic admin to edit your article if you are a story admin? Cheers.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by THEMike:I beleive this is a bug, and the fix works, is there a reason you\'d need to be a topic admin to edit your article if you are a story admin?
This is not a bug, it\'s a feature. You don\'t need to be Topic Admin, you only need to be in the same group that owns the topic. So, in your case, change the group ownership of that topic accordingly. The idea is that Geeklog\'s permission system works similar to the permissions on a typical Unix file system: If you don\'t have access to the directory (topic), you don\'t get access to the file (story) in it. bye, Dirk
 Quote

Status: offline

THEMike

Forum User
Moderator
Registered: 25/07/03
Posts: 141
Location:Sheffield, UK
Ah that makes sense. Oops! Didn\'t read that in any docs, I\'ll go and undo my fix. Code isn\'t 100% logical then, surely if you don\'t have access to a unix directory, you can\'t write a file to it? Thus if you don\'t have access to a topic (via your group) you can\'t create an article in it? Which my users, can, perhaps that is the real bug, and it was something I was looking for as a feature anyway, I have some topics I want only me to be able to post to. Cheers.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by THEMike:Code isn\'t 100% logical then, surely if you don\'t have access to a unix directory, you can\'t write a file to it? Thus if you don\'t have access to a topic (via your group) you can\'t create an article in it?
Well, yes and no. Normal users can submit stories to any topic they can see - but it has to go through moderation. For Story Admins, there may be some room for improvements. Should they be able to see stories in the story list that they can read (since they are also normal users) but not edit? Btw, the request for some kind of \"read-only topic\" that normal users can see but not submit to is not new, but hasn\'t been implemented yet ... bye, Dirk
 Quote

All times are EDT. The time is now 11:26 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content