
INP-1877 - Check meta-permissions for "root" user
Accepted, Public

Authored by alex on Oct 8 2024, 6:50 AM.

Details

Reviewers
erik
Test Plan

Preparations

  • in IDE:
    1. open languages/email_template_list template for editing
    2. replace <inp2:m_if check="m_IsDebugMode"> above the Add toolbar button with <inp2:m_if check="m_CheckPermission" perm_event="email-template:OnPreCreate">
    3. remove the <inp2:m_if check="m_IsDebugMode"> ... </inp2:m_if> around the Delete toolbar button
    4. save changes
    5. open languages/phrase_list template for editing
    6. wrap the Add toolbar button with <inp2:m_if check="m_CheckPermission" perm_event="phrases:OnPreCreate">...</inp2:m_if> IF
    7. save changes
  • in Admin Console:
    1. go to the User Management → Administrators section
    2. create an administrator OR remember username/password of an existing administrator
    3. go to the User Management → Groups section
    4. edit admin group
    5. on the Permissions tab remove the Add and Delete permissions for the Website & Content → Labels & Phrase section
    6. save changes

Part 1 - the "root" user tag/event meta permission checking

  1. turn on Debug Mode
  2. login to Admin Console as root
  3. go to the Website & Content → E-mail Templates section
  4. confirm, that:
    • the Add toolbar button is visible and working (doesn't give the No Permission error)
    • the Delete toolbar button is visible and working (doesn't give the No Permission error)
  5. turn off Debug Mode
  6. go to the Website & Content → E-mail Templates section (or reload the page if you're already there)
  7. confirm, that:
    • the Add toolbar button is not visible
    • the Delete toolbar button is visible and not working (gives the No Permission error)
  8. logout

Part 2 - the admin user tag/event meta permission checking

  1. Same as Part 1, but login using an above-remembered admin user

Part 3 - the "root" user static permission checking

  1. login to Admin Console as root
  2. go to the Website & Content → Labels & Phrase section
  3. confirm, that the Add toolbar button is visible and working (doesn't give the No Permission error)
  4. confirm, that the Delete toolbar button is visible and working (doesn't give the No Permission error)
  5. logout

Part 4 - the admin user static permission checking

  1. login to Admin Console as admin user
  2. go to the Website & Content → Labels & Phrase section
  3. confirm, that the Add toolbar button is not visible
  4. confirm, that the Delete toolbar button is visible and not working (gives the No Permission error)
  5. logout

Part 5 - the "root" user config section permission checking

  1. login to Admin Console as root
  2. go to the Configuration → Website → General section
  3. confirm, that no error happened
  4. press the Save toolbar button
  5. confirm, that no error happened
  6. logout

Part 6 - the "root" user config section permission checking

  1. login to Admin Console as admin user
  2. go to the Configuration → Website → General section
  3. confirm, that no error happened
  4. press the Save toolbar button
  5. confirm, that no error happened
  6. logout

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint Errors
Excuse: Not fixing.
Severity | Location | Code | Message
Error | core/kernel/event_handler.php:210 | PHPCS.E.CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps | CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
Error | core/kernel/event_handler.php:243 | PHPCS.E.CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps | CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
Error | core/kernel/event_handler.php:321 | PHPCS.E.CodingStandard.Classes.ClassDeclaration.SpaceBeforeCloseBrace | CodingStandard.Classes.ClassDeclaration.SpaceBeforeCloseBrace
Error | core/units/helpers/permissions_helper.php:148 | PHPCS.E.CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps | CodingStandard.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
Unit
No Unit Test Coverage
Build Status
Buildable 1296
Build 1296: arc lint + arc unit

Event Timeline

alex created this revision. Oct 8 2024, 6:50 AM
alex requested review of this revision. Oct 8 2024, 6:50 AM
alex edited the test plan for this revision. Oct 8 2024, 7:30 AM
alex edited the test plan for this revision. Oct 8 2024, 7:33 AM
erik requested changes to this revision. Oct 8 2024, 10:06 AM

Not passed test plan part

Part 4 - the admin user static permission checking
login to Admin Console as admin user
go to the Website & Content → Labels & Phrase section
confirm, that the Add toolbar button is not visible

Add button toolbar is visible

This revision now requires changes to proceed. Oct 8 2024, 10:06 AM
alex planned changes to this revision. Oct 8 2024, 10:18 AM
alex edited the test plan for this revision.

The test plan doesn't include the removal of the Add permission for the Labels & Phrases section.

alex requested review of this revision. Oct 8 2024, 10:19 AM

Updated test plan.

erik accepted this revision. Oct 8 2024, 10:37 AM
This revision is now accepted and ready to land. Oct 8 2024, 10:37 AM
alex planned changes to this revision. Oct 15 2024, 8:04 AM
alex edited the test plan for this revision.

When root opens a configuration section an exception is thrown:

Exception: Permission section not specified for prefix conf in ...\core\kernel\utility\event.php on line 439
alex updated this revision to Diff 1253. Oct 15 2024, 8:10 AM

Fix for an exception on the configuration section for the "root" user.

This revision is now accepted and ready to land. Oct 15 2024, 8:10 AM
alex updated this revision to Diff 1254. Oct 15 2024, 8:13 AM

Cosmetic comment fixes.

alex requested review of this revision. Oct 15 2024, 8:15 AM

Please retest (the test plan was improved).

Harbormaster completed remote builds in B1295: Diff 1253.
Harbormaster completed remote builds in B1296: Diff 1254.
erik accepted this revision. Oct 15 2024, 10:54 AM
This revision is now accepted and ready to land. Oct 15 2024, 10:54 AM