Fixed No permission to create resources if no global permission

Jon W

Jon W

Well-known member
Because of this line of code at the top of actionAdd in the resource controller:
PHP: 
        if (!$categoryModel->canAddResource(null, $key))
        {
            throw $this->getErrorOrNoPermissionResponseException($key);
        }
it is not possible for a user to have permission to add resources to individual categories without having the global permission to add resources.

The above bit of code would be better suited here I think:
Rich (BB code): 
        if (!$category)
        {
            if (!$categoryModel->canAddResource(null, $key))
            {
                throw $this->getErrorOrNoPermissionResponseException($key);
            }
            $categories = $categoryModel->prepareCategories($categoryModel->getViewableCategories());
            return $this->responseView('XenResource_ViewPublic_Resource_ChooseCategory', 'resource_choose_category', array(
                'categories' =>$categories
            ));
        }
 
@Mike , it seems that the same is true for actually viewing the resource add-on as well.

Currently XenForo Resources Manager 1.1.1 has a bugged permission system that do not honor the category.

This is happening for all users.

Minimum global allow for registered (the rest are not set):

View resources
View resource images

Allowed in the usergroup within the category:

View resources:
View resource images:
Download resources:
Like resources/updates:
Rate resources:
Create resources:
Upload images with updates/resources:
Update/edit resources by self:
Can reply to reviews for own resources:

The result is that the user can view the resource, can download the resource, can like, Can rate. CANNOT Create a Resource (can't test the rest of the permission set).

If I do NOT set the "view resources" globally, user has no access to add-on and its categories.
 
Last edited:
If you do not have non-category level "view resource" permissions, you won't have access to any specific categories. That's expected. It's roughly saying that if you don't have a global permission to view the forum, no matter what you can't view any specific forums. Effectively, if you can't view a parent, you'll never be able to view the child regardless of the permissions. Viewing is a bit of a special case as it is effectively an override for everything else.

That said, I'm sort of confused as to what you're specifically saying because you mention creating a resource but then also mention viewing. If you believe there's a bug, please make a new bug report with a reproduce case and I'll look into it.
 
Mike, I believe that there are two bugs. One is specifically within the ability of adding resources. And that I can see that it has been taken care of.

The other one is pretty much the same, but related to viewing.

It does makes sense what you say, regarding the fact that your vision is to apply the "View Resources" permission globally to access the add-on in the first place. But you didn't document this behavior, so I am calling this a bug ;)
 

Similar threads

unproperlypropagated
As designed Mod with no permission to ban can still ban using the spam cleaner
Replies
3
Views
45
unproperlypropagated
unproperlypropagated
unproperlypropagated
  • Question Question
XF 2.3 No permission to post on others Profiles?
Replies
3
Views
53
Jeremy P
Jeremy P
puertoblack2003
  • Question Question
RM 2.3 Download Button =- No permission to download
Replies
5
Views
113
Rusty Snippets
Rusty Snippets
ge66
account_preferences should not show the setting for signatures if there is no permission for signatures
Replies
0
Views
94
ge66
ge66
Chernabog
  • Question Question
XF 2.2 "Your Content" under visitor tab account returns no permission to view content
Replies
11
Views
801
Chernabog
Chernabog
Back
Top Bottom