Differential D486

INP-1876 - Verify system settings access permissions before allowing to change them
AcceptedPublic
Actions

Authored by alex on Thu, Oct 3, 8:26 AM.

Details

Reviewers

erik

Test Plan

in 1st browser:
1. login to Admin Console as root user
2. go to the Configuration → Users → General section
3. enable the Advanced User Management system setting
4. save changes
5. confirm, that:
  - settings were saved
  - no error has happened
  - the User Management → Groups section became available
6. go to the User Management → Groups section
7. edit the admin group
8. remove the permission to view/edit the Configuration → Website → General section
9. save changes
10. go to the Configuration → Website → General section
11. inspect input for the Website name system setting and remember it's name HTML attribute value
in 2nd browser:
1. login to Admin Console as any administrator user (not the root)
2. go to the Configuration → Website → Advanced section
3. confirm, that you can't see the Configuration → Website → General section
4. inspect the input of the Default Design Template system setting
5. change its name HTML attribute value to the above remembered one (from the Website name system setting)
6. save changes
7. confirm, that:
  - settings were saved
  - no error has happened
in 1st browser:
1. go to the Configuration → Website → General section
2. confirm, that Website name system setting wasn't changed
3. confirm, that:
  - settings were saved
  - no error has happened

Diff Detail

Repository

rINP In-Portal

Branch

/in-portal/branches/5.2.x

Lint

Lint OK

Unit

No Unit Test Coverage

Build Status

Buildable 1288
Build 1288: arc lint + arc unit

Event Timeline

alex created this revision.Thu, Oct 3, 8:26 AM

Herald added a reviewer: erik. · View Herald TranscriptThu, Oct 3, 8:26 AM

Harbormaster completed remote builds in B1287: Diff 1245.Thu, Oct 3, 8:26 AM

alex requested review of this revision.Thu, Oct 3, 8:26 AM

alex edited the test plan for this revision. (Show Details)Thu, Oct 3, 8:47 AM

alex added a project: Restricted Project.

Test by plan is passed, but, to have Groups section visible, with root user go to Configuration->Users-General section, press Save button - and got "Exception: Permission section not specified for prefix conf in w:\SVN\5.2.x\core\kernel\utility\event.php on line 439"

This revision is now accepted and ready to land.Thu, Oct 3, 9:53 AM

In D486#9799, @erik wrote:

Test by plan is passed, but, to have Groups section visible, with root user go to Configuration->Users-General section, press Save button - and got "Exception: Permission section not specified for prefix conf in w:\SVN\5.2.x\core\kernel\utility\event.php on line 439"

Reopening for fixing, because this error is happening for root user on every configuration page save attempt.

alex edited the test plan for this revision. (Show Details)Thu, Oct 3, 11:07 AM

alex edited the test plan for this revision. (Show Details)

Fixed fatal error on system setting saving for the root user.

This revision is now accepted and ready to land.Thu, Oct 3, 11:09 AM

Harbormaster completed remote builds in B1288: Diff 1246.Thu, Oct 3, 11:09 AM

alex requested review of this revision.Thu, Oct 3, 11:12 AM

erik accepted this revision.Thu, Oct 3, 11:21 AM

This revision is now accepted and ready to land.Thu, Oct 3, 11:21 AM

Revision Contents
Changeset List

			Path	Packages
M			core/units/configuration/configuration_event_handler.php (49 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	1245	16796		Thu, Oct 3, 8:26 AM	★	★
Diff 2	1246	16796	Fixed fatal error on system setting saving for the `root` user.	Thu, Oct 3, 11:09 AM	★	★

Commit	Parents	Author	Summary	Date
#fake-hash			Ignore it :) (Show More…)

Diff 1246

View Options

core/units/configuration/configuration_event_handler.php

INP-1876 - Verify system settings access permissions before allowing to change themAcceptedPublicActions