[dev] Permission check problems (always true)

Andre Pawlowski sqall at h4des.org
Thu Feb 26 21:07:26 UTC 2009



Michael Rubinsky wrote:
>
>
> This is incorrect. Check the function signature - it should be ($app,
> $permission) - and it always checks the permission of the currently
> logged in user. 
Well, I don't know if you are right. When I take a look at
lib/Horde/Perms.php this is the called function:

function hasPermission($permission, $user, $perm, $creator = null)

And this is the header:

    /**
     * Finds out if the user has the specified rights to the given object.
     *
     * @param string $permission  The permission to check.
     * @param string $user        The user to check for.
     * @param integer $perm       The permission level that needs to be
     *                            checked for.
     * @param string $creator     The creator of the event
     *
     * @return boolean  True if the user has the specified permissions.
     */

I know, I've used:

$registry->hasPermission(Auth::getAuth(), PERMS_EDIT)

But when I take a look at the contact.php of Turba, there the function is called:

$contact->hasPermission(PERMS_EDIT)

And it works fine there.


> It's used to check overall permissions on the application - can the
> current user see it etc... It's probably returning true because you're
> logged in as the administrator.
No, I've tried it with a special test user. I was not admin.

> Anyway, what, exactly are you checking permissions on?  You mention
> "Turba". Are you checking to see if a user can edit a certain contact
> or address book?
>
Turba was just an example where I was looking for some working
permission checks. I'm writing my own Horde application. The PERMS_EDIT
check was an example too. I need to check for read permission and write
permission. If the user has just read permission, he can only download
files. If he has only write permission, he can just upload files. If he
has both, he can do both too. This is what I need.

Best regards

-- 

Andre Pawlowski

-------------------------------------------------------------------

Your effort to remain what you are is what limits you.
	-Ghost in the Shell (Puppet Master)
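
The read/write requirement described in the message above, as an added example that is not part of the original post and is not Horde code: a deny-by-default check in which download needs the read bit, upload needs the edit bit, and an unknown permission name (for instance a username passed in the wrong argument position) is refused. All function names, constants, users and grants are constructed for illustration.

```php
<?php
// Added example; not Horde's API. Every name and value here is constructed.
const DEMO_READ = 4; // bit that allows downloads
const DEMO_EDIT = 8; // bit that allows uploads

// Permission name => user => granted bitmask (constructed sample data).
$grants = [
    'filestore' => [
        'reader'   => DEMO_READ,
        'uploader' => DEMO_EDIT,
        'both'     => DEMO_READ | DEMO_EDIT,
    ],
];

function demoIsAllowed(array $grants, string $permission, ?string $user, string $action): bool
{
    // Action => bit it requires. Actions not listed here are denied.
    $required = ['download' => DEMO_READ, 'upload' => DEMO_EDIT];

    // Fail closed on an unknown permission name, so a username passed in
    // the permission-name slot is denied rather than silently accepted.
    if (!isset($grants[$permission])) {
        return false;
    }
    // No authenticated user or an unknown action: deny.
    if ($user === null || !isset($required[$action])) {
        return false;
    }
    $mask = $grants[$permission][$user] ?? 0; // users without a grant get 0
    $need = $required[$action];
    // Compare against $need so every required bit must be present.
    return ($mask & $need) === $need;
}

// Print the decision matrix for the sample users.
foreach (['reader', 'uploader', 'both', 'stranger'] as $user) {
    foreach (['download', 'upload'] as $action) {
        $ok = demoIsAllowed($grants, 'filestore', $user, $action);
        printf("%-8s %-8s %s\n", $user, $action, $ok ? 'allow' : 'deny');
    }
}

// Swapped arguments: the username lands in the permission-name slot.
$swapped = demoIsAllowed($grants, 'reader', 'filestore', 'download');
printf("swapped  download %s\n", $swapped ? 'allow' : 'deny');
```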


