Forum Index PD-Downloads Version 1.2 Permissions Problems |
Re: Version 1.2 Permissions Problems
|
||||
---|---|---|---|---|
Webmaster (O.M.A.)
|
hello
thank you for you feedback. and yes you are right with some points - first of all, gonzo and i did this module so you are on the right and best place for feedback about pd-downloads. you are absolutly right that $groups is an array, but we cant simply write "b.gperm_groupid = $groups", because it will end with that "b.gperm_groupid = Array". because we need to extract the array and make a right sql query out of it. the possible solution for that would be: get the size of the array, then we could make a string in a loop - so we could add every bit of the array to a string. so the result could be like this "b.gperm_groupid = 0 and b.gperm_groupid = 1" (and so on), but we have to test it if it works like i think. by the side, you are right about the problem - this is not new at all - the simplest and fastest solution is to put every user in only one group, its not a nice fix but it works i have to say that i dont have much free time at the moment to do developing on our modules and when i have free time i often have to do other thinks (that the true and the real life ) but i try to give me best to support every request, often i cant give a fix for problems because of my work but i always try to answer request and support them as good as possible.
Posted on: 2007/1/31 22:54
|
|||
The Solution Provider
_________________________________ _________________________________ ------ krobi@power-dreams.com |
||||
|
Version 1.2 Permissions Problems
|
||||
---|---|---|---|---|
Power-Dreams Anfänger
|
I've recently upgraded from version 1 to version 1.2. I have a section of files that I restrict to a particular Xoops group of users (let's call it 'specialGroup'). This functionality no longer works with this module. I believe the problem to be new and it isn't a matter of syntax. Rather, it seems to be a logical problem with out the code is set up.
Please look at the following code in singlefile.php:
$result = $xoopsDB->query("SELECT a.*, b.* FROM " . $xoopsDB->prefix("PDdownloads{$mydirnumber}_downloads") . " a, ".$xoopsDB->prefix('group_permission')." b WHERE (a.lid = $lid AND b.gperm_itemid = $lid) AND a.offline = 0 AND (a.published > 0 AND a.published <= $time_cur) AND (a.expired = 0 OR a.expired > $time_cur) AND b.gperm_modid = $module_id AND b.gperm_name = "PDDownFilePerm{$mydirnumber}" AND b.gperm_groupid = $groups[0]");
The last constraint on the query makes mention of $groups[0]. $groups is an array that simply contains a list of all the groups that the currently logged on user is a part of. The query is now hard-coded to only search on the first group that the user is a part of. This doesn't work! All users are a part of 'registered users' in Xoops. This group is always higher in the array than the 'specialGroup' group. Because of this, it's impossible or anyone to see my download record because singlefile.php doesn't recognize as anyone from 'registered users' as having access to the document! You can fix this particular page easily enough by removing the last constraint from the query shown above. This, however, doesn't fix the code in viewcat.php. The same problems apply, but they manifest themselves differently since the code there is much more complex. I can't be the first person to have run across this! It there a fix available (or being worked on) for this problem in how permissions are checked? I haven't spent much time on this myself yet, but it looks to me as if the programmers of this module have neglected to fully appreciate the task of checking permissions for each of these records. Please don't consider this post a flame. I very much appreciate this module and look forward to any responses. Thanks in advance for any help as it's much appreciated. Note: I'll be cross posting this over on the Xoops.org forum too.
Posted on: 2007/1/31 20:16
|
|||
|
You can view topic.
You can start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.
You cannot create PDF files.
You cannot get print page.