eZ Publish / Platform, EZP-16129

hasAccessToLimitation ezjscore 1.0.1 function does not properly check multiple policies


      Description

      Suppose you have duplicate "content/read" policies in a role: one has a Section limitation to section ID 1, and one has a Section limitation to section ID 2.

      If you run:

      has_access_to_limitation( 'content', 'read', hash( 'Section', 2 ) )
      

      This will return false because the first check only has a limitation of section ID 1. However, this is incorrect, as the user in question does have access to read section ID 2.

      If you look at the existing code you can see why this is the case, because the first policy that has a section limitation is assumed to be the only policy with that limitation.

                      // User has access unless limitations don't match
                      foreach ( $result['policies'] as $limitationArray  )
                      {
                          foreach ( $limitationArray as $limitationKey => $limitationValues  )
                          {
                              if ( isset( $limitations[$limitationKey] ) )
                              {
                                  if ( !in_array( $limitations[$limitationKey], $limitationValues ) )
                                  {
                                      return false;
                                  }
                              }
                              else
                              {
                                  // TODO: build limitation array of unmatched policies
                              }
                          }
                      }
      

      Of course, this does open up discussion that the content manager should consolidate the Section limitations into one policy.
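
      The check from the report next to a per-policy evaluation, as an added example that is not ezjscore code and not a fix from the project. The function names and policy data are constructed; it assumes that policies in a role are alternatives and that a policy with no limitation of a requested type is unrestricted for that type.

```php
<?php
// Added illustration, not ezjscore code. Names and policy data are constructed.

// Check as described in the report: the first policy whose limitation
// lacks the requested value ends the whole evaluation with a denial.
function firstMismatchDenies(array $policies, array $limitations): bool
{
    foreach ($policies as $limitationArray) {
        foreach ($limitationArray as $key => $values) {
            if (isset($limitations[$key]) && !in_array($limitations[$key], $values)) {
                return false;
            }
        }
    }
    return true;
}

// Per-policy evaluation: policies are alternatives (OR), and within one
// policy every requested limitation has to match (AND).
function anyPolicyGrants(array $policies, array $limitations): bool
{
    foreach ($policies as $limitationArray) {
        $granted = true;
        foreach ($limitations as $key => $wanted) {
            // Assumption: no limitation of this type means unrestricted for it.
            if (isset($limitationArray[$key]) && !in_array($wanted, $limitationArray[$key])) {
                $granted = false;
                break;
            }
        }
        if ($granted) {
            return true;
        }
    }
    return false; // fail closed: no single policy covers the request
}

// Constructed roles: the report's case, and one with a second limitation type.
$twoSections = [['Section' => [1]], ['Section' => [2]]];
$mixed = [
    ['Section' => [1], 'Class' => ['article']],
    ['Section' => [2], 'Class' => ['folder']],
];

var_dump(firstMismatchDenies($twoSections, ['Section' => 2]));
var_dump(anyPolicyGrants($twoSections, ['Section' => 2]));
var_dump(anyPolicyGrants($mixed, ['Section' => 2, 'Class' => 'article']));
```

      The last call is the case to keep denied: Section 2 and Class article are each allowed by a different policy, so merging limitation values across policies instead of testing each policy on its own would grant access that no policy gives.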

              People

              Assignee:
              andre1 André R
              Reporter:
              peterkeung Peter Keung