Fixed No permission to create resources if no global permission

Jon W

Well-known member
#1
Because of this line of code at the top of actionAdd in the resource controller:
PHP:
        if (!$categoryModel->canAddResource(null, $key))
        {
            throw $this->getErrorOrNoPermissionResponseException($key);
        }
it is not possible for a user to have permission to add resources to individual categories without having the global permission to add resources.

The above bit of code would be better suited here I think:
Code:
        if (!$category)
        {
            if (!$categoryModel->canAddResource(null, $key))
            {
                throw $this->getErrorOrNoPermissionResponseException($key);
            }
            $categories = $categoryModel->prepareCategories($categoryModel->getViewableCategories());
            return $this->responseView('XenResource_ViewPublic_Resource_ChooseCategory', 'resource_choose_category', array(
                'categories' => $categories
            ));
        }
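
The two check orderings from the post above, modelled in stand-alone PHP as an added example (not part of the original post and not XenForo code). `PermissionModel`, `addReported` and `addProposed` are hypothetical names; the model assumes a null category means "global permission only" and that the action still checks the category-level permission once a category is known.

```php
<?php
// Constructed model of the check ordering discussed above; not XenForo code.
// Assumption: canAdd(null) consults only the global permission, while
// canAdd($categoryId) consults that category's own permission set.

final class PermissionModel
{
    public function __construct(
        private bool $globalAdd,
        private array $categoryAdd // categoryId => bool (constructed sample data)
    ) {}

    public function canAdd(?int $categoryId): bool
    {
        if ($categoryId === null) {
            return $this->globalAdd;
        }
        // Unknown categories are denied by default.
        return $this->categoryAdd[$categoryId] ?? false;
    }
}

// Ordering as reported: the global check runs before the category is considered.
function addReported(PermissionModel $perms, ?int $categoryId): string
{
    if (!$perms->canAdd(null)) {
        return 'no-permission';
    }
    if ($categoryId === null) {
        return 'choose-category';
    }
    return $perms->canAdd($categoryId) ? 'show-add-form' : 'no-permission';
}

// Ordering as proposed: the global check only guards the category chooser.
// The category-level check must remain, or moving the gate opens every category.
function addProposed(PermissionModel $perms, ?int $categoryId): string
{
    if ($categoryId === null) {
        return $perms->canAdd(null) ? 'choose-category' : 'no-permission';
    }
    return $perms->canAdd($categoryId) ? 'show-add-form' : 'no-permission';
}

// User with no global "create" permission, allowed in category 7 only.
$perms = new PermissionModel(false, [7 => true, 8 => false]);

foreach ([null, 7, 8] as $id) {
    printf("category=%s reported=%s proposed=%s\n",
        var_export($id, true), addReported($perms, $id), addProposed($perms, $id));
}
```

With the sample data, category 7 is denied under the reported ordering and allowed under the proposed one, while category 8 and the category chooser are denied under both.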
 

Garani

Active member
#3
@Mike, it seems that the same is true for actually viewing the resource add-on as well.

Currently XenForo Resources Manager 1.1.1 has a bugged permission system that does not honor the category.

This is happening for all users.

Minimum global allow for registered (the rest are not set):

View resources
View resource images

Allowed in the usergroup within the category:

View resources:
View resource images:
Download resources:
Like resources/updates:
Rate resources:
Create resources:
Upload images with updates/resources:
Update/edit resources by self:
Can reply to reviews for own resources:

The result is that the user can view the resource, can download the resource, can like, can rate. CANNOT create a resource (can't test the rest of the permission set).

If I do NOT set the "view resources" globally, user has no access to add-on and its categories.

Mike

XenForo developer
Staff member
#4
If you do not have non-category level "view resource" permissions, you won't have access to any specific categories. That's expected. It's roughly saying that if you don't have a global permission to view the forum, no matter what you can't view any specific forums. Effectively, if you can't view a parent, you'll never be able to view the child regardless of the permissions. Viewing is a bit of a special case as it is effectively an override for everything else.

That said, I'm sort of confused as to what you're specifically saying because you mention creating a resource but then also mention viewing. If you believe there's a bug, please make a new bug report with a reproduce case and I'll look into it.
 

Garani

Active member
#5
Mike, I believe that there are two bugs. One is specifically within the ability to add resources, and I can see that it has been taken care of.

The other one is pretty much the same, but related to viewing.

It does make sense what you say, regarding the fact that your vision is to apply the "View Resources" permission globally to access the add-on in the first place. But you didn't document this behavior, so I am calling this a bug ;)