Group permissions don't work Group permissions don't work
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Group permissions don't work

Started by LilAngel, December 10, 2005, 03:58:23 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

LilAngel

It seems like the group settings aren't working on my gallery after the upgrade.
I used to have a group "BannedUploading" for users which didn't have upload permission. I noticed members of that group started to upload crap, so I reviewed my settings; everything was ok. I created a test user and assigned it to that group and guess what: I can still upload with that account. It terribly bugs me, cause I'm really annoyed by the files these people upload, I keep having to disapprove them.
I created the BannedUploading group again, but it still doesnt work.

I honestly don't know what's wrong with the settings; is this a common bug?

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Ftinypic.com%2Fief789.jpg&hash=d6f9eb0c61c0e89be5412815ee75ca06aa7aa1f6)
(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Ftinypic.com%2Fief7ev.jpg&hash=fb4a3e46af52aae81180b17f9dbb005fae2e6660)

Sorry for the low quality screencaps.

Nibbler

Looks like a new bug. You need to edit bridge/coppermine.inc.php, find this function


        // Get groups of which user is member
        function get_groups( &$user )
        {

                $group_list = in_array($user['group_id'] - 100, $this->admingroups) ? 1 : 2;

                $sql = "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' and user_group_list <> '';";

                $result = cpg_db_query($sql, $this->link_id);

                if ( $row = mysql_fetch_array($result) ) {

                        if ($row['user_group_list']) {
                                $group_list .= ','.$row['user_group_list'];
                        }

                        mysql_free_result($result);
                }

                $all_groups = explode(',',$group_list);

                if ( $admin_groups = array_intersect($this->admingroups, $all_groups) ) {
                        $all_groups[0] = 1;
                }

                if ( !in_array($user['group_id'] - 100, $all_groups) ) {
                        $all_groups[] = intval($user['group_id'] - 100);
                }

                return $all_groups;
        }


And replace it with this new version


        // Get groups of which user is member
        function get_groups( &$user )
        {
$groups = array($user['group_id'] - 100);

$sql = "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' and user_group_list <> '';";

$result = cpg_db_query($sql, $this->link_id);

if ($row = mysql_fetch_array($result)){
$groups = array_merge($groups, explode(',', $row['user_group_list']));
}

mysql_free_result($result);

return $groups;
        }


Please report back if this solves the issue for you.

Also report back if it doesn't :)

LilAngel

Yep, that worked!

Issue is solved!  ;D

Nibbler


LilAngel

I noticed something.

About 2 days ago, someone complained about not being able to log in. Then today there was someone else complaining, and I also noticed people could upload without upload upproval. I checked the group settings, and ALL of the custom groups were gone. Thankfully, we did have a backup. I'm not sure if this is related to this bug and the editing, but it's very odd. Maybe something you need to double check?
Just saying to warn you. :)