BeBot

Security function add_group_member() doesn't work as expected when called by internal BeBot process.

Bug #394866 reported by Andrew S. Zbikowski on 2009-07-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	BeBot	Fix Released	Undecided	Temar

Bug Description

Line 700 of Security.php, function add_group_member.

Default value for $caller is "Internal Process". The function has a check to see if the access level of $caller is greater than the access level of the group being modified.

        if ($this -> get_access_level($caller) < $this -> cache['groups'][$gid]['access_level'])
        {
            $return['error'] = TRUE;
            $return['errordesc'] = "Your Access Level is less than the Access Level of ".$group.". You cannot add members to ".$group.".";
            return $return;
        }

As this check does not provide an exception for Internal Process, and call to this function by an internal BeBot process will fail. Discovered this wile creating a module that would automatically populate a security group based on other criteria in the database.

Tags:

Andrew S. Zbikowski (andyzib) on 2009-07-02

summary:

- Security function add_group_member()
+ Security function add_group_member() doesn't work as expected when
+ called by internal BeBot process.

Temar (chris-smith96) on 2009-07-03

Changed in bebot:
assignee:	nobody → Temar (chris-smith96)
status:	New → Fix Committed

Thomas Juberg (thomas-juberg) on 2009-07-30

Changed in bebot:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.