There's a problem with assigning rights to pages where the user is forced to assign page rights to all the groups that he/she is a member of. This works well when a user is a member of a single group, but when a user can be a member of multiple groups it's a problem.
To reproduce the problem:
- Create a number of groups
- Create a user with page rights and membership to a few groups
- Create a page as private and notice that the page is forced to all groups he/she is a member of.
This can be reproduced with the code in the trunk.
Possible Fix:
Basically the idea is to remove 'disabled' from the page group viewing and admin rights (except the administrator group) so that the rights can be taken off if desired. Then add a piece of post validation so that the user can't completely remove access to their own page.
It looks something like this (- for delete + for add):
In admin/pages/add.php:
Find these lines and remove them:
    if(!in_array(1, $admin->get_groups_id())) {
        $admin_groups[] = implode(",",$admin->get_groups_id());
    }
and also remove
    if(!in_array(1, $admin->get_groups_id())) {
        $viewing_groups[] = implode(",",$admin->get_groups_id());
    }
Add the following somewhere in the post validation:
    // Check to see if page created has needed permissions
    // (skipped for members of the administrator group, id 1)
    if(!in_array(1, $admin->get_groups_id())) {
        // The user must remain in at least one of the selected admin groups
        $admin_perm_ok = false;
        foreach ($admin_groups as $adm_group) {
            if (in_array($adm_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
        }
        // Same check for the selected viewing groups
        $admin_perm_ok = false;
        foreach ($viewing_groups as $view_group) {
            if (in_array($view_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
        }
    }
In admin/pages/index.php:
In both places change:
    $flag_disabled = ' disabled';
To:
    $flag_disabled = '';
In admin/pages/settings2.php:
Remove the following lines:
    if(!in_array(1, $admin->get_groups_id())) {
        $admin_groups[] = implode(",",$admin->get_groups_id());
    }
and also remove
    if(!in_array(1, $admin->get_groups_id())) {
        $viewing_groups[] = implode(",",$admin->get_groups_id());
    }
In admin/pages/settings.php:
In both places change:
    $flag_disabled = ' disabled';
    $flag_checked = ' checked';
To:
    $flag_disabled = '';
    $flag_checked = '';
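
The post-validation idea from the ticket as a stand-alone PHP example (added here; it is not the project's code and not the reporter's patch). Once 'disabled' is removed from the form, only a server-side check like this keeps a user from locking themselves out. The function names and the sample group ids are assumptions; group id 1 as the administrator group comes from the ticket's own checks.

```php
<?php
// Added example; function names are hypothetical, not WebsiteBaker APIs.
// Group id 1 is the administrator group, as in the ticket's in_array(1, ...) test.
const ADMIN_GROUP_ID = 1;

// Reduce posted or stored group ids to unique positive integers. Form values
// arrive as strings; anything that is not all digits (for example a
// comma-joined "2,3") is dropped instead of being loosely compared.
function normalise_group_ids(array $ids): array
{
    $clean = [];
    foreach ($ids as $id) {
        if (is_int($id) || (is_string($id) && ctype_digit($id))) {
            $id = (int) $id;
            if ($id > 0) {
                $clean[$id] = true;
            }
        }
    }
    return array_keys($clean);
}

// True when the user still belongs to at least one selected group.
function user_keeps_access(array $userGroups, array $selectedGroups): bool
{
    $user = normalise_group_ids($userGroups);
    if (in_array(ADMIN_GROUP_ID, $user, true)) {
        return true; // administrators are exempt, as in the proposed check
    }
    $selected = normalise_group_ids($selectedGroups);
    return count(array_intersect($user, $selected)) > 0;
}

// Returns the names of the group lists that would lock the user out.
function validate_page_groups(array $userGroups, array $adminGroups, array $viewingGroups): array
{
    $errors = [];
    if (!user_keeps_access($userGroups, $adminGroups)) {
        $errors[] = 'admin_groups';
    }
    if (!user_keeps_access($userGroups, $viewingGroups)) {
        $errors[] = 'viewing_groups';
    }
    return $errors;
}

// Constructed sample input: a non-administrator in groups 2 and 3.
var_dump(validate_page_groups([2, 3], ['2'], ['3', '5']));
var_dump(validate_page_groups([2, 3], ['4'], []));
var_dump(validate_page_groups([2, 3], ['2,3'], ['3']));
```

An empty returned array means the submitted selection is acceptable; any entry names the list in which the user no longer appears.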