Permission bug in bridge with cpg1.4.8 and SMF posting usergroups Permission bug in bridge with cpg1.4.8 and SMF posting usergroups
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Permission bug in bridge with cpg1.4.8 and SMF posting usergroups

Started by StarBuG, August 06, 2006, 06:58:51 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

StarBuG

Hi

There is a bug when bridging cpg 1.4.8 with SMF 1.1 RC2 and using usergroups based on post count.

If a user starts a personal album he can allow users to see his album or set it to private.
But depending on the usergroup he is in he can only allow users in the same usergroup or lower to see his album.

This makes absolutly NO sence.

A user needs to be able to allow all usergroups potential access to his album.

E.g. I have a medical forum and maybe a new user wants to show me and all long time users of the forum a picture of his injury, but he does not want to show it to the rest. He can´t do this because he can only allow even newer users to see his photos.

Please correct this

If anyone has a quick fix for this I am all ears ;)

StarBuG
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Nibbler


StarBuG

Hi

And why is that?
Could this become maybe an admin thing?
Why can a user from a lower group want, that only lower members can see his fotos and not the members from the groups higher then him?

It makes no sense to me.

Any chance that this will be changed, or maybe an admin option?
If not, can anyone tell me how I modify it so that every member who can create a personal album can decide which user can see the pictures regardless in which group he is?

PLEASE

StarBuG
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Nibbler

Coppermine doesn't have any concept of higher and lower groups - all groups are the same. If you set visibility to a group you are not a member of then you can't see your own pictures anymore. I don't see any advantage in allowing that.

StarBuG

I know but when bridging with a forum software that is permission based I think this should be included into the bridge.

There should be an option to allow multiple usergroups viewing of my album when using a forum usergroups with permissions.

What do you think?
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Nibbler

I already told you. If you want to change it the code is here in modifyalb.php


    } else {
        $options = array(0 => $lang_modifyalb_php['public_alb'],
            FIRST_USER_CAT + USER_ID => $lang_modifyalb_php['me_only'],
            );
        $result = cpg_db_query("SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id IN " . USER_GROUP_SET);
        while ($group = mysql_fetch_array($result)) {
            $options[$group['group_id']] = sprintf($lang_modifyalb_php['groupp_only'], $group['group_name']);
        } // while
    }

StarBuG

Hi

I am no php programer so I can´t do it myself.
But thank you for pointing me to the code, maybe I can find someone who can help me.

Best regards

StarBuG
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Nibbler

$result = cpg_db_query("SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id IN " . USER_GROUP_SET);

to

$result = cpg_db_query("SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']}");

StarBuG

Hi

Thank you for your help, but what I would need is a multiple selection of Usergroups.

With your code change I can access all usergroups but I still can only chose one group that is able to see my album.

Could you help me with that too?

StarBuG
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Joachim Müller

That would require severe code changes. Has been requested often already. Currently, this simply is beyond the scope of what coppermine can do.

StarBuG

Ok, thank you for your help.

I have requested a modification on the SMF Support forum here:
http://www.simplemachines.org/community/index.php?topic=106195.0

Maybe someone is willing to work on this.

Can I post a modification/hack request in the Feature requests forum without it beeing declined because it was asked already?
Patientenfragen.net - Das Patientenportal
Fragen und Antworten rund um das Thema Krankheit und Gesundheit.
Schulmedizin, Alternativmedizin, Prävention, Ernährung und vieles mehr.

Joachim Müller

Quote from: StarBuG on August 15, 2006, 10:26:35 AM
Can I post a modification/hack request in the Feature requests forum without it beeing declined because it was asked already?
No, you mustn't, as this has been requested often already and is being taken into account for future versions. Yet another posting that asks for the same thing would be irrelevant. The feature requests board is not meant for postings that ask for hacks. It's only meant for possible features in future versions.