Welcome to Geeklog, Anonymous Wednesday, May 29 2024 @ 05:45 am EDT
Geeklog Forums
Possible bug with story privileges?
Status: offline
Cod
Forum User
Newbie
Registered: 04/08/04
Posts: 2
I recently downloaded and installed GeekLog 1.3.9. I set up my Admin account and my Moderator account and I added one further account, call it Bob for the sake of it, simply to add and edit stories.
In addition to the regular privileges I gave Bob the "Story Admin" privilege. I then sucessfully Bob to add a new story. However, I'd made a typo and when I tried to go back and edit the story I found I was denied access.
I had a look and found the following lines in "/path/to/geeklog/public_html/admin/story.php" (I've hacked around with the code a bit so the line numbers might be out by 1 or 2 lines):
lines 96 to 97 (inside function storyeditor($sid, $mode)):
$access = min($access, SEC_hasTopicAccess ($A['tid']));
and lines 1009 to 1010 (inside function deletestory($sid)):
$access = min($access, SEC_hasTopicAccess ($A['tid']));
I believe the problem was that the calls to min() should have been calls to max(). Bob had appropriate privileges to edit/delete his story, but because he wasn't in "Topic Admin" group the min() function reducing them with the result that access was forbidden.
Am I right in thinking that as a "story admin" member but not a "topic admin" member, Bob should be able to change his own stories but not other peoples'? I'm fairly new to GeekLog so I might have misunderstood the story/topic privilege system, but my fix seems to make things work the way I want them so perhaps it's all good. My GeekLog installation certainly seems to work now.
Hope this helps!
Cod
In addition to the regular privileges I gave Bob the "Story Admin" privilege. I then sucessfully Bob to add a new story. However, I'd made a typo and when I tried to go back and edit the story I found I was denied access.
I had a look and found the following lines in "/path/to/geeklog/public_html/admin/story.php" (I've hacked around with the code a bit so the line numbers might be out by 1 or 2 lines):
lines 96 to 97 (inside function storyeditor($sid, $mode)):
Text Formatted Code
$access = SEC_hasAccess($A['owner_id'], ... );$access = min($access, SEC_hasTopicAccess ($A['tid']));
and lines 1009 to 1010 (inside function deletestory($sid)):
Text Formatted Code
$access = SEC_hasAccess ($A['owner_id'], ... );$access = min($access, SEC_hasTopicAccess ($A['tid']));
I believe the problem was that the calls to min() should have been calls to max(). Bob had appropriate privileges to edit/delete his story, but because he wasn't in "Topic Admin" group the min() function reducing them with the result that access was forbidden.
Am I right in thinking that as a "story admin" member but not a "topic admin" member, Bob should be able to change his own stories but not other peoples'? I'm fairly new to GeekLog so I might have misunderstood the story/topic privilege system, but my fix seems to make things work the way I want them so perhaps it's all good. My GeekLog installation certainly seems to work now.
Hope this helps!
Cod
2
11
Quote
Status: offline
Turias
Forum User
Full Member
Registered: 10/20/03
Posts: 807
Ah okay - I hadn't thought about it like that. The obvious way of looking at it to me was that all articles were in a single "directory" but that they could be filtered according to topic. Now I've read the FAQ article I see that this is not the paradigm.
Many thanks for your time!
Dave
Cod
Many thanks for your time!
Dave
Cod
7
8
Quote
All times are EDT. The time is now 05:45 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content