
Question about _assertViewingPermissions

Discussion in 'XenForo Development Discussions' started by netrix, May 22, 2013.

  1. netrix

    netrix Active Member

    When I overwrite this function like this
    PHP:
            public function _assertViewingPermissions($action)
            {
     
            }
    it results in the situation that every permission check seems to be removed; even if somebody couldn't view the entire page, everything built on top of this class will be visible to the visitor. So my question is whether there are any negative side effects?
     
  2. tyteen4a03

    tyteen4a03 Well-Known Member

    Well, the permission check for all controllers that rely on this method will be completely ignored. Depending on your forum's needs, this could range from No Big Deal to Massive Information Leak.
     
  3. netrix

    netrix Active Member

    This page must be always available and the original developer of this addon added the following code to make the page available in service mode.

    PHP:
            /**
             * overwrite the original method to show the page if the board is deactivated
             */
            public function _assertBoardActive($action)
            {

            }
    So I tried my change to keep it available, even if I do something wrong in the user rights configs.
    So the question is whether this will only remove the rights for everything which is based on this class? (Which shouldn't do harm)
     
  4. tyteen4a03

    tyteen4a03 Well-Known Member

    Yes.

    Also, _assertBoardActive is a protected function.
     
  5. Chris D

    Chris D XenForo Developer Staff Member

    How exactly are you extending it?

    Are you returning the parent response at any point (so it is extending and not overwriting it)?

    Also, you might want to ensure you're using the correct declaration.

    It should be protected function _assertViewingPermissions

    Basically the gist of what you want to do is this:

    PHP:
        protected function _assertViewingPermissions($action)
        {
            $parent = parent::_assertViewingPermissions($action);

            // Your Extended Code Here

            return $parent;
        }
    There's no way that should be overwriting existing permissions... If it is, we might need to see your existing code to see where it is going wrong.
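
The difference between overwriting and extending the check, as an added example that is not part of any post in this thread and is not XenForo or InfoPage code. `Demo_Base` and its subclasses are hypothetical stand-ins. `Demo_Scoped` goes beyond the thread and is an assumption: it exempts one named action and delegates every other action to the parent check, so a visitor without view permission reaches only that action, whereas the empty override exposes every action of the controller.

```php
<?php
// Hypothetical stand-in for a framework base controller (not XenForo code):
// dispatch() runs the viewing-permission assertion before every action.
abstract class Demo_Base
{
    protected $canView;
    public function __construct($canView) { $this->canView = $canView; }

    public function dispatch($action)
    {
        try {
            $this->_assertViewingPermissions($action);
            return $this->{'action' . $action}();
        } catch (RuntimeException $e) {
            return 'denied';
        }
    }
    protected function _assertViewingPermissions($action)
    {
        if (!$this->canView) { throw new RuntimeException('no view permission'); }
    }
    public function actionImprint() { return 'imprint text'; }
    public function actionMembers() { return 'member list'; }
}

class Demo_Overwritten extends Demo_Base // empty body: check gone for all actions
{
    protected function _assertViewingPermissions($action) {}
}

class Demo_Scoped extends Demo_Base // assumption: exempt one action, keep the rest
{
    protected function _assertViewingPermissions($action)
    {
        if ($action === 'Imprint') { return; }      // must stay public
        parent::_assertViewingPermissions($action); // parent check still runs
    }
}

function demo_results() // constructed visitor WITHOUT view permission
{
    $out = array();
    foreach (array('Demo_Overwritten', 'Demo_Scoped') as $class) {
        foreach (array('Imprint', 'Members') as $action) {
            $out["$class/$action"] = (new $class(false))->dispatch($action);
        }
    }
    return $out;
}
print_r(demo_results());
```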
     
  6. netrix

    netrix Active Member

    This is the addon on GitHub: https://github.com/ragtek/InfoPage

    And this is the file: https://github.com/ragtek/InfoPage/blob/master/ControllerPublic/Info.php

    This is the code where I applied my changes.
    PHP:
    <?php

    class Ragtek_InfoPage_ControllerPublic_Info extends XenForo_ControllerPublic_Abstract
    {
        public function actionIndex()
        {
            // the requested info page name is read from the request input
            $page = $this->_input->filterSingle('page', XenForo_Input::STRING);
            return $this->generateOutput($page);
        }

        protected function generateOutput($page)
        {
            // only known page names select a phrase; anything else gets the global content
            switch ($page) {
                case 'impressum':
                    $content = new XenForo_Phrase('ragtek_infopage_impressum_content');
                    break;
                case 'terms':
                    $content = new XenForo_Phrase('terms_rules_text');
                    break;
                case 'privacy':
                    $content = new XenForo_Phrase('ragtek_infopage_privacy_content');
                    break;
                case 'cookies':
                    $content = new XenForo_Phrase('help_cookies_description');
                    break;
                default:
                    $content = new XenForo_Phrase('ragtek_infopage_global_content');
            }

            $viewParams = array(
                'selected' => $page,
                'content' => $content
            );
            return $this->responseView('Ragtek_Impressum_ViewPublic_Impressum_Wrapper', 'ragtek_infopage_wrapper', $viewParams);
        }

        /**
         * return the action for the online list
         * @param array $activities
         * @return phrase
         */
        public static function getSessionActivityDetailsForList(array $activities)
        {
            foreach ($activities AS $activity) {
                $do = $activity['params']['page'];
                switch ($do) {
                    case 'privacy':
                        $phrase = new XenForo_Phrase('viewing_ragtek_privacy');
                        break;
                    case 'terms':
                        $phrase = new XenForo_Phrase('viewing_ragtek_terms');
                        break;
                    case 'impressum':
                        // no phrase is assigned for this page
                        break;
                    case 'cookies':
                        $phrase = new XenForo_Phrase('viewing_ragtek_cookiepage');
                        // stop here so the cookie phrase is not replaced by the default
                        break;
                    default:
                        $phrase = new XenForo_Phrase('viewing_ragtek_infopage');
                }
                return $phrase;
            }
        }

        /**
         * overwrite the original method to show the page if the board is deactivated
         */
        public function _assertBoardActive($action)
        {

        }

        /**
         * (non-PHPdoc)
         * @see XenForo_ControllerPublic_Abstract::_assertViewingPermissions()
         * overwrite the original method to show the page even if the visitor has no right to view the page
         */
        public function _assertViewingPermissions($action)
        {

        }
    }
    I just copied the part "public function _assert" and my IDE showed me the function "_assertViewingPermissions($action)". So I did the same thing that ragtek did with the other function "public function _assertBoardActive($action)".
     
