Piwigo Bugtracker

View Issue Details
ID: 0000110
Project: Piwigo
Category: navigation
View Status: public
Date Submitted: 2005.04.30 22:02
Last Update: 2005.08.18 09:57
Assigned To: plg
Platform:
OS:
OS Version:
Product Version: 1.4.0
Target Version:
Fixed in Version: 1.4.1
Summary: 0000110: return to element view from element edition fails depending on permissions
Description: Return to element view (picture.php) from element edition (admin.php?page=picture_modify) fails if element's physical category is forbidden to the admin user.
Steps To Reproduce: Gallery configuration:

- "element1" is physically linked to category "root > physical-1"
- "element1" is virtually linked to category "root > virtual-1"
- category "root > physical-1" is private
- "admin1" user is not authorized for category "root > physical-1"

Logged in as "admin1", return to picture.php from admin/picture_modify.php goes to category "root > physical-1" by default, and as "admin1" can't see this category, an error message says that access is forbidden.
Tags: No tags attached.
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships

-  Notes
plg (manager)
2005.04.30 22:16

It is possible that for an admin, viewing an element is impossible if no linked category is authorized for the admin... In that case, there should be no link to viewing, only a thumbnail.
plg (manager)
2005.05.01 14:18

Correction is partial for branch 1.4: a linked category is randomly chosen but if no linked category is authorized for the admin user, then the link is to the storage category (which can be forbidden).

http://cvs.gna.org/viewcvs/phpwebgallery/phpwebgallery/admin/picture_modify.php.diff?r1=1.20&r2=
plg (manager)
2005.08.18 09:57

On BSF (and for branch 1.5), a prettier solution was coded:

// jump to link
// 1. find all linked categories that are reachable for the current user.
// 2. if a category is available in the URL, use it if reachable
// 3. if URL category not available or reachable, use the first reachable
// linked category
// 4. if no category reachable, no jumpto link
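
The four-step selection described in the note above, as an added example that is not Piwigo's own code. The function name, parameters and category ids are hypothetical, and the URL category is assumed to count only when it is one of the element's reachable linked categories.

```php
<?php
// Added example, not Piwigo source; all names and ids below are hypothetical.

/**
 * Choose the category for the "jump to" link shown on the element edit page.
 * Returns null when no link may be rendered.
 */
function pick_jumpto_category(array $linked, array $forbidden, ?int $urlCategory): ?int
{
    // 1. linked categories that the current user can reach
    $reachable = array_values(array_diff($linked, $forbidden));

    // 4. nothing reachable: no jump-to link at all
    if ($reachable === []) {
        return null;
    }

    // 2. use the URL category only if it is linked and reachable (assumption)
    if ($urlCategory !== null && in_array($urlCategory, $reachable, true)) {
        return $urlCategory;
    }

    // 3. otherwise fall back to the first reachable linked category
    return $reachable[0];
}

// Constructed data mirroring the report: 1 = "root > physical-1" (private),
// 2 = "root > virtual-1"; element1 is linked to both.
$linked = [1, 2];
$cases = [
    // label => [forbidden for user, category in URL, expected result]
    'admin1, no URL category'        => [[1], null, 2],
    'admin1, forbidden URL category' => [[1], 1, 2],
    'admin1, reachable URL category' => [[1], 2, 2],
    'user with full access, URL = 1' => [[], 1, 1],
    'nothing reachable'              => [[1, 2], 1, null],
];

foreach ($cases as $label => [$forbidden, $urlCategory, $expected]) {
    $target = pick_jumpto_category($linked, $forbidden, $urlCategory);
    if ($target !== $expected) {
        throw new RuntimeException("unexpected target for: $label");
    }
    // The template would emit the link only when $target is not null.
    echo $label, ' => ', var_export($target, true), PHP_EOL;
}
```

The selection only decides which link to render; the access check on picture.php, which produced the error in the report, stays in place.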

- Issue History
Date Modified Username Field Change
2005.04.30 22:02 plg New Issue
2005.04.30 22:02 plg Status new => assigned
2005.04.30 22:02 plg Assigned To => plg
2005.04.30 22:02 plg browser => any
2005.04.30 22:02 plg Web server => Apache 1.3.x
2005.04.30 22:16 plg Note Added: 0000133
2005.05.01 14:18 plg Status assigned => resolved
2005.05.01 14:18 plg Fixed in Version => 1.4.1
2005.05.01 14:18 plg Resolution open => fixed
2005.05.01 14:18 plg Note Added: 0000136
2005.08.18 09:57 plg Note Added: 0000211
2005.08.18 09:57 plg Status resolved => closed
