Fixed No permission to create resources if no global permission

Jon W

Jon W

Well-known member
Because of this line of code at the top of actionAdd in the resource controller:
PHP: 
        if (!$categoryModel->canAddResource(null, $key))
        {
            throw $this->getErrorOrNoPermissionResponseException($key);
        }
it is not possible for a user to have permission to add resources to individual categories without having the global permission to add resources.

The above bit of code would be better suited here I think:
Rich (BB code): 
        if (!$category)
        {
            if (!$categoryModel->canAddResource(null, $key))
            {
                throw $this->getErrorOrNoPermissionResponseException($key);
            }
            $categories = $categoryModel->prepareCategories($categoryModel->getViewableCategories());
            return $this->responseView('XenResource_ViewPublic_Resource_ChooseCategory', 'resource_choose_category', array(
                'categories' =>$categories
            ));
        }
 
@Mike , it seems that the same is true for actually viewing the resource add-on as well.

Currently XenForo Resources Manager 1.1.1 has a bugged permission system that do not honor the category.

This is happening for all users.

Minimum global allow for registered (the rest are not set):

View resources
View resource images

Allowed in the usergroup within the category:

View resources:
View resource images:
Download resources:
Like resources/updates:
Rate resources:
Create resources:
Upload images with updates/resources:
Update/edit resources by self:
Can reply to reviews for own resources:

The result is that the user can view the resource, can download the resource, can like, Can rate. CANNOT Create a Resource (can't test the rest of the permission set).

If I do NOT set the "view resources" globally, user has no access to add-on and its categories.
 
Last edited:
If you do not have non-category level "view resource" permissions, you won't have access to any specific categories. That's expected. It's roughly saying that if you don't have a global permission to view the forum, no matter what you can't view any specific forums. Effectively, if you can't view a parent, you'll never be able to view the child regardless of the permissions. Viewing is a bit of a special case as it is effectively an override for everything else.

That said, I'm sort of confused as to what you're specifically saying because you mention creating a resource but then also mention viewing. If you believe there's a bug, please make a new bug report with a reproduce case and I'll look into it.
 
Mike, I believe that there are two bugs. One is specifically within the ability of adding resources. And that I can see that it has been taken care of.

The other one is pretty much the same, but related to viewing.

It does makes sense what you say, regarding the fact that your vision is to apply the "View Resources" permission globally to access the add-on in the first place. But you didn't document this behavior, so I am calling this a bug ;)
 

Similar threads

E
  • Question Question
RM 2.2 Add Resource" Button Question
Replies
2
Views
315
Eric P
E
mattrogowski
Confusing app_api_validate_request event behaviour
Replies
0
Views
327
mattrogowski
mattrogowski
nesman
  • Question Question
XF 2.2 Moving resource threads to new subforum
Replies
4
Views
456
nesman
nesman
mattrogowski
  • Suggestion Suggestion
Add Indeterminate category watch state
Replies
0
Views
1K
mattrogowski
mattrogowski
X
Uninstalling an add-on breaks other add-ons which implement a permissions using interface groups from the first add-on
Replies
9
Views
595
Xon
X
Top Bottom