author | Bharat Mediratta <bharat@menalto.com> | 2008-12-02 04:38:45 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-02 04:38:45 +0000 |
commit | ae4c828b06a752775250239f82e688925ab0e529 (patch) | |
tree | d9f3b73d7b501ea78e16d3c5112b55ad2963083b | |
parent | 52e63e7f75f3bac213393dd4194c089d09e3569b (diff) |
Fix a problem in _update_access_cache() where if the intent is
default, we weren't properly propagating ALLOW where necessary.
-rw-r--r-- | core/helpers/access.php | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php
index 26b19614..81fb9415 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -331,11 +331,6 @@ class access_Core {
 // access_caches table will already contain DENY values and we won't be able to overwrite
 // them according the rule above. So mark every permission below this level as UNKNOWN so
 // that we can tell which permissions have been changed, and which ones need to be updated.
- //
- // Potential problem: if $item_id's intent is unspecified then we have to back up the tree to
- // find the nearest non-default parent and update the map starting from there. That can't
- // happen currently, but if it does, then the symptom will be that we have a branch of
- // access_caches in the UNKNOWN state.
 $db->query("UPDATE `access_caches` SET `$field` = ? " .
 "WHERE `item_id` IN " .
 " (SELECT `id` FROM `items` " .
@@ -372,6 +367,17 @@ class access_Core {
 " AND `right` <= $row->right)");
 }
 }
+
+ // Finally, if our intent is DEFAULT at this point it means that we were unable to find a
+ // DENY parent in the hierarchy to propagate from. So we'll still have a UNKNOWN values in
+ // the hierarchy, and all of those are safe to change to ALLOW.
+ $db->query("UPDATE `access_caches` SET `$field` = ? " .
+ "WHERE `$field` = ? " .
+ "AND `item_id` IN " .
+ " (SELECT `id` FROM `items` " .
+ " WHERE `left` >= $item->left " .
+ " AND `right` <= $item->right)",
+ array(self::ALLOW, self::UNKNOWN));
 } else {
 // If the item's intent is ALLOW or DEFAULT, it's possible that some ancestor has specified
 // DENY and this ALLOW cannot be obeyed. So in that case, back up the tree and find any |
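Review bot: The UPDATE added at the end of this branch (second hunk) turns every remaining UNKNOWN row under `$item` into ALLOW, which is a fail-open default for an access-control cache; it is only correct if no ancestor above `$item` carries DENY for `$field`, and nothing in the hunk shows that check (the function body starts and ends outside it). The first hunk also deletes the comment that described this very case, backing up the tree to the nearest non-default parent, so the precondition is now undocumented. I would state it next to the query, e.g. `// Precondition: no ancestor of $item has DENY for $field; otherwise these rows must not become ALLOW.`, and cover it with a test where a DEFAULT item sits under a DENY parent. Separately, `$item->left` and `$item->right` are interpolated into the SQL while the two permission values are bound; using `?` for both bounds with `array(self::ALLOW, self::UNKNOWN, $item->left, $item->right)` would keep the statement uniform, assuming the query wrapper accepts the extra bindings.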