
D282.id683.diff
No OneTemporary

File Metadata

Created
Thu, Jul 3, 9:22 PM

D282.id683.diff

Index: core/kernel/application.php
===================================================================
--- core/kernel/application.php
+++ core/kernel/application.php
@@ -2560,6 +2560,22 @@
}
/**
+ * Determines if access permissions should not be checked.
+ *
+ * @param integer|null $user_id User ID.
+ *
+ * @return boolean
+ */
+ public function permissionCheckingDisabled($user_id = null)
+ {
+ if ( !isset($user_id) ) {
+ $user_id = $this->RecallVar('user_id');
+ }
+
+ return $user_id == USER_ROOT;
+ }
+
+ /**
* Check current user permissions based on it's group permissions in specified category
*
* @param string $name permission name
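Review bot: `return $user_id == USER_ROOT;` in the new permissionCheckingDisabled() is a loose comparison, and every permission bypass touched by this patch now depends on that one line. With `==`, PHP type juggling decides the result for non-integer input: a boolean `true` equals any non-zero integer, and before PHP 8 a string with a numeric prefix is compared by that prefix. Normalising first is safer, e.g. `return (int)$user_id === USER_ROOT;`, assuming USER_ROOT is an integer constant (its definition is not visible here). The docblock should also say that an explicit null is treated like an omitted argument and falls back to the current session's `user_id`, because `isset()` cannot tell the two apart.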
Index: core/kernel/db/db_event_handler.php
===================================================================
--- core/kernel/db/db_event_handler.php
+++ core/kernel/db/db_event_handler.php
@@ -558,19 +558,19 @@
$event->setEventParam('top_prefix', $this->Application->GetTopmostPrefix($event->Prefix, true));
$status_checked = false;
- if ( $user_id == USER_ROOT || $this->CheckPermission($event) ) {
- // don't autoload item, when user doesn't have view permission
+ if ( $this->Application->permissionCheckingDisabled($user_id) || $this->CheckPermission($event) ) {
+ // Don't autoload item, when user doesn't have view permission.
$this->LoadItem($event);
$status_checked = true;
$editing_mode = defined('EDITING_MODE') ? EDITING_MODE : false;
$id_from_request = $event->getEventParam(kEvent::FLAG_ID_FROM_REQUEST);
- if ( $user_id != USER_ROOT
+ if ( !$this->Application->permissionCheckingDisabled($user_id)
&& !$this->Application->isAdmin
&& !($editing_mode || ($id_from_request ? $this->checkItemStatus($event) : true))
) {
- // non-root user AND on front-end AND (not editing mode || incorrect status)
+ // Permissions are being checked AND on Front-End AND (not editing mode || incorrect status).
$perm_status = false;
}
}
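Review bot: permissionCheckingDisabled($user_id) is evaluated twice in this block, once in the outer condition and again in the nested status check, so the two bypass decisions read as if they were independent. Computing it once, e.g. `$skip_checks = $this->Application->permissionCheckingDisabled($user_id);`, and using `$skip_checks` in both conditions makes it explicit that skipping CheckPermission and skipping checkItemStatus are the same decision. `$user_id` is assigned outside the hunk, so whether it can be null here (which would make the helper fall back to the session value) cannot be confirmed from these lines.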
Index: core/kernel/managers/request_manager.php
===================================================================
--- core/kernel/managers/request_manager.php
+++ core/kernel/managers/request_manager.php
@@ -156,7 +156,7 @@
$event_handler = $this->Application->recallObject($event->Prefix . '_EventHandler');
/* @var $event_handler kEventHandler */
- if ( ($this->Application->RecallVar('user_id') == USER_ROOT) || $event_handler->CheckPermission($event) ) {
+ if ( $this->Application->permissionCheckingDisabled() || $event_handler->CheckPermission($event) ) {
$this->Application->HandleEvent($event);
$this->Application->notifyEventSubscribers($event);
}
@@ -481,4 +481,4 @@
$opener_stack->push($template, $params, $index_file);
$opener_stack->save();
}
-}
\ No newline at end of file
+}
Index: core/units/helpers/permissions_helper.php
===================================================================
--- core/units/helpers/permissions_helper.php
+++ core/units/helpers/permissions_helper.php
@@ -584,8 +584,7 @@
{
$user_id = (int)$user_id;
- if ( $user_id == USER_ROOT ) {
- // "root" is allowed anywhere
+ if ( $this->Application->permissionCheckingDisabled($user_id) ) {
return substr($name, -5) == '.deny' || $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
}
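Review bot: The removed comment `// "root" is allowed anywhere` was the only explanation of the return expression that follows, and the new side leaves that branch undocumented. The line is an authorization shortcut with two exceptions that are easy to miss, so a replacement comment is worth adding above the `return`, for example `// Permission checking disabled: grant everything except ".deny" permissions and SYSTEM_ACCESS.READONLY.` The enclosing method begins and ends outside the hunk.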
@@ -844,4 +843,4 @@
return 0;
}
- }
\ No newline at end of file
+ }
Index: core/units/helpers/upload_helper.php
===================================================================
--- core/units/helpers/upload_helper.php
+++ core/units/helpers/upload_helper.php
@@ -140,7 +140,7 @@
$admin_session = $this->Application->recallObject('Session.admin');
/* @var $admin_session Session */
- if ( $admin_session->RecallVar('user_id') == USER_ROOT ) {
+ if ( $this->Application->permissionCheckingDisabled($admin_session->RecallVar('user_id')) ) {
return true;
}
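Review bot: Passing `$admin_session->RecallVar('user_id')` straight into permissionCheckingDisabled() changes behaviour if that call can yield null. The helper's `!isset($user_id)` branch would then substitute the current application session's `user_id`, whereas the removed line compared only the admin session's value. Whether RecallVar can return null is not visible in this diff. If it can, normalise before the call, e.g. `permissionCheckingDisabled((int)$admin_session->RecallVar('user_id'))`, as permissions_helper.php does with `$user_id = (int)$user_id;` (this assumes 0 is not the USER_ROOT value).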
Index: modules/in-commerce/units/addresses/addresses_event_handler.php
===================================================================
--- modules/in-commerce/units/addresses/addresses_event_handler.php
+++ modules/in-commerce/units/addresses/addresses_event_handler.php
@@ -102,8 +102,10 @@
$object = $event->getObject();
/* @var $object kDBItem */
- if ( !$object->isLoaded() || !$this->checkItemStatus($event) ) {
- // not trivially loaded object OR not current user address
+ if ( !$object->isLoaded()
+ || (!$this->Application->permissionCheckingDisabled() && !$this->checkItemStatus($event))
+ ) {
+ // Not trivially loaded object OR not current user address.
$event->status = kEvent::erPERM_FAIL;
return ;
}
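Review bot: The comment `// Not trivially loaded object OR not current user address.` no longer matches the condition above it, because the ownership check in checkItemStatus() is now skipped whenever permissionCheckingDisabled() returns true. The identical hunk at -398 in this file has the same stale comment. Since this check is what stops one user from acting on another user's address, the comment should state the exception, e.g. `// Object not loaded OR (permissions are being checked AND address doesn't belong to current user).` The enclosing method starts and ends outside the hunk.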
@@ -398,8 +400,10 @@
$object = $event->getObject();
/* @var $object kDBItem */
- if ( !$object->isLoaded() || !$this->checkItemStatus($event) ) {
- // not trivially loaded object OR not current user address
+ if ( !$object->isLoaded()
+ || (!$this->Application->permissionCheckingDisabled() && !$this->checkItemStatus($event))
+ ) {
+ // Not trivially loaded object OR not current user address.
$event->status = kEvent::erPERM_FAIL;
return;
}
