Fixed No permission to create resources if no global permission

Jon W

Jon W

Well-known member
Because of this line of code at the top of actionAdd in the resource controller:
PHP: 
        if (!$categoryModel->canAddResource(null, $key))
        {
            throw $this->getErrorOrNoPermissionResponseException($key);
        }
it is not possible for a user to have permission to add resources to individual categories without having the global permission to add resources.

The above bit of code would be better suited here I think:
Rich (BB code): 
        if (!$category)
        {
            if (!$categoryModel->canAddResource(null, $key))
            {
                throw $this->getErrorOrNoPermissionResponseException($key);
            }
            $categories = $categoryModel->prepareCategories($categoryModel->getViewableCategories());
            return $this->responseView('XenResource_ViewPublic_Resource_ChooseCategory', 'resource_choose_category', array(
                'categories' =>$categories
            ));
        }
 
@Mike , it seems that the same is true for actually viewing the resource add-on as well.

Currently XenForo Resources Manager 1.1.1 has a bugged permission system that do not honor the category.

This is happening for all users.

Minimum global allow for registered (the rest are not set):

View resources
View resource images

Allowed in the usergroup within the category:

View resources:
View resource images:
Download resources:
Like resources/updates:
Rate resources:
Create resources:
Upload images with updates/resources:
Update/edit resources by self:
Can reply to reviews for own resources:

The result is that the user can view the resource, can download the resource, can like, Can rate. CANNOT Create a Resource (can't test the rest of the permission set).

If I do NOT set the "view resources" globally, user has no access to add-on and its categories.
 
Last edited:
If you do not have non-category level "view resource" permissions, you won't have access to any specific categories. That's expected. It's roughly saying that if you don't have a global permission to view the forum, no matter what you can't view any specific forums. Effectively, if you can't view a parent, you'll never be able to view the child regardless of the permissions. Viewing is a bit of a special case as it is effectively an override for everything else.

That said, I'm sort of confused as to what you're specifically saying because you mention creating a resource but then also mention viewing. If you believe there's a bug, please make a new bug report with a reproduce case and I'll look into it.
 
Mike, I believe that there are two bugs. One is specifically within the ability of adding resources. And that I can see that it has been taken care of.

The other one is pretty much the same, but related to viewing.

It does makes sense what you say, regarding the fact that your vision is to apply the "View Resources" permission globally to access the add-on in the first place. But you didn't document this behavior, so I am calling this a bug ;)
 

Similar threads

puertoblack2003
  • Question Question
RM 2.3 Download Button =- No permission to download
Replies
5
Views
77
Rusty Snippets
Rusty Snippets
ge66
account_preferences should not show the setting for signatures if there is no permission for signatures
Replies
0
Views
93
ge66
ge66
Chernabog
  • Question Question
XF 2.2 "Your Content" under visitor tab account returns no permission to view content
Replies
11
Views
796
Chernabog
Chernabog
A
  • Question Question
XF 2.2 "No permission to buy" on xenforo resource page
Replies
2
Views
1K
Aaron1981
A
bzcomputers
When an author posts a new resource/add-on, XenForo should ask for permission to use the code or make it open source if it becomes "abandoned"
Replies
16
Views
1K
TPerry
TPerry
Back
Top Bottom