Piwigo Bugtracker

ID: 0000110
Project: Piwigo
Category: navigation
View Status: public
Date Submitted: 2005.04.30 22:02
Last Update: 2005.08.18 09:57
Reporter: plg
Assigned To: plg
Priority: low
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.4.0
Fixed in Version: 1.4.1
Summary: 0000110: return to element view from element edition fails depending on permissions
Description: Return to element view (picture.php) from element edition (admin.php?page=picture_modify) fails if element's physical category is forbidden to the admin user.
Steps To Reproduce: Gallery configuration:

- "element1" is physically linked to category "root > physical-1"
- "element1" is virtually linked to category "root > virtual-1"
- category "root > physical-1" is private
- "admin1" user is not authorized for category "root > physical-1"

Logged in as "admin1", return to picture.php from admin/picture_modify.php goes to category "root > physical-1" by default and as "admin1" can't see this category, an error message tells that access is forbidden.
Tags: No tags attached.
browser: any
Web server: Apache 1.3.x

Notes
(0000133)
plg (manager)
2005.04.30 22:16

It is possible that for an admin, viewing an element is impossible if no linked category is authorized for the admin... In that case, there should be no link to viewing, only a thumbnail.
(0000136)
plg (manager)
2005.05.01 14:18

Correction is partial for branch 1.4 : a linked category is randomly chosen but if no linked category is authorized for the admin user, then the link is to the storage category (which can be forbidden).

http://cvs.gna.org/viewcvs/phpwebgallery/phpwebgallery/admin/picture_modify.php.diff?r1=1.20&r2=1.20.2.1
(0000211)
plg (manager)
2005.08.18 09:57

On BSF (and for branch 1.5), a prettier solution was coded :

// jump to link
//
// 1. find all linked categories that are reachable for the current user.
// 2. if a category is available in the URL, use it if reachable
// 3. if URL category not available or reachable, use the first reachable
// linked category
// 4. if no category reachable, no jumpto link
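
The four steps above, sketched as an added example that is not part of the note and is not Piwigo's own code, next to the 1.4.0 behaviour from the report. All function names, constants and the sample data are hypothetical and constructed from the reproduction steps.

```php
<?php
/**
 * Pick the category for the "jump to element view" link.
 *
 * @param int[]    $linked    categories the element is linked to (physical or virtual)
 * @param int[]    $forbidden categories the current user may not access
 * @param int|null $urlCat    category id carried in the URL, if any
 * @return int|null           category to link to, or null for "no jumpto link"
 */
function pick_jumpto_category(array $linked, array $forbidden, ?int $urlCat): ?int
{
    // 1. keep only the linked categories the current user can reach
    $reachable = array_values(array_diff($linked, $forbidden));

    // 2. honour the URL category only if it is both linked and reachable
    if ($urlCat !== null && in_array($urlCat, $reachable, true)) {
        return $urlCat;
    }

    // 3. otherwise fall back to the first reachable linked category
    // 4. and if nothing is reachable, return null so no link is rendered
    return $reachable[0] ?? null;
}

/** Behaviour reported against 1.4.0: the link always targets the physical category. */
function pick_jumpto_category_1_4_0(int $physicalCat): int
{
    return $physicalCat; // no permission filter on the target
}

// Constructed sample data matching "Steps To Reproduce".
const PHYSICAL_1 = 1; // "root > physical-1", private
const VIRTUAL_1  = 2; // "root > virtual-1"
$linked    = [PHYSICAL_1, VIRTUAL_1]; // categories of "element1"
$forbidden = [PHYSICAL_1];            // "admin1" is not authorized here

// Reported behaviour: target chosen without looking at permissions.
var_dump(pick_jumpto_category_1_4_0(PHYSICAL_1));
// No category in the URL.
var_dump(pick_jumpto_category($linked, $forbidden, null));
// URL carries the forbidden physical category.
var_dump(pick_jumpto_category($linked, $forbidden, PHYSICAL_1));
// Element linked only to the forbidden category.
var_dump(pick_jumpto_category([PHYSICAL_1], $forbidden, null));
```

The selection only decides which link is rendered; as the report shows, picture.php itself refuses the forbidden category, and that check remains the one enforcing access.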

Issue History
Date Modified Username Field Change
2005.04.30 22:02 plg New Issue
2005.04.30 22:02 plg Status new => assigned
2005.04.30 22:02 plg Assigned To => plg
2005.04.30 22:02 plg browser => any
2005.04.30 22:02 plg Web server => Apache 1.3.x
2005.04.30 22:16 plg Note Added: 0000133
2005.05.01 14:18 plg Status assigned => resolved
2005.05.01 14:18 plg Fixed in Version => 1.4.1
2005.05.01 14:18 plg Resolution open => fixed
2005.05.01 14:18 plg Note Added: 0000136
2005.08.18 09:57 plg Note Added: 0000211
2005.08.18 09:57 plg Status resolved => closed

