Security function add_group_member() doesn't work as expected when called by internal BeBot process.

Bug #394866 reported by Andrew S. Zbikowski on 2009-07-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
BeBot
Undecided
Temar

Bug Description

Line 700 of Security.php, function add_group_member.

Default value for $caller is "Internal Process". The function has a check to see if the access level of $caller is greater than the access level of the group being modified.

        if ($this -> get_access_level($caller) < $this -> cache['groups'][$gid]['access_level'])
        {
            $return['error'] = TRUE;
            $return['errordesc'] = "Your Access Level is less than the Access Level of ".$group.". You cannot add members to ".$group.".";
            return $return;
        }

As this check does not provide an exception for Internal Process, and call to this function by an internal BeBot process will fail. Discovered this wile creating a module that would automatically populate a security group based on other criteria in the database.

summary: - Security function add_group_member()
+ Security function add_group_member() doesn't work as expected when
+ called by internal BeBot process.
Temar (chris-smith96) on 2009-07-03
Changed in bebot:
assignee: nobody → Temar (chris-smith96)
status: New → Fix Committed
Changed in bebot:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers