1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Resource edit permission check is incorrect in some cases

Discussion in 'Resource Manager Resolved Bugs' started by Pepelac, Apr 12, 2013.

  1. Pepelac

    Pepelac Well-Known Member

    The canEditResource method will not work correctly if user has no permission to edit own resources, but has permission to edit resources by anyone.

    I suggest to change this method (and possibly others) in this way

    PHP:
    public function canEditResource(array $resource, array $category, &$errorPhraseKey '', array $viewingUser null)
        {
            
    $this->standardizeViewingUserReference($viewingUser);
     
            if (!
    $viewingUser['user_id'])
            {
                return 
    false;
            }
     
            
    $updateSelf false;
            if (
    $resource['user_id'] == $viewingUser['user_id'])
            {
                
    $updateSelf XenForo_Permission::hasPermission($viewingUser['permissions'], 'resource''updateSelf');
            }
     
            return 
    $updateSelf || XenForo_Permission::hasPermission($viewingUser['permissions'], 'resource''editAny');
        }
     
    Romchik® likes this.
  2. Mike

    Mike XenForo Developer Staff Member

    Fixed thanks.
     

Share This Page