TinyPortal
Development => Feedback => Bugs/Errors => Topic started by: julian7 on February 19, 2009, 04:32:43 PM
Nearly all functions in tpadmin action fail on POST when accessed by a non-administrator user. For example, article management works for normal users (who got access to article management and TinyPortal article functionalities), until the actual newarticle or edit article's POST form submission.
Of course it fails because no subaction is set (in GET variable), which is the base of the security check. It defaults to tp-news, but if I give permission to news, I'll give permission for everything.
Confirmed,
I gave a test account permissions to manage articles. The link to manage articles works. I can create an article, but when I push save I get the error you see in the attached pic.
No errors are thrown in the error log.
- TP assumed tp_news permission on non-admins, causing saving to fail. Fixed for v1.0 beta 4
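The failure mode reported in this thread, as an added example that is not TinyPortal's code: a permission check keyed on a GET subaction with a default, next to a fail-closed variant. The field name `sa`, the function names, and every permission except `tp_news` are assumptions made for illustration.

```php
<?php
// Added illustration. Field name "sa" and every permission except tp_news
// are hypothetical; this is not TinyPortal's code.
const SUBACTION_PERMS = [
    'news'        => 'tp_news',
    'editarticle' => 'tp_articles',
    'settings'    => 'tp_settings',
];

// Pattern from the report: permission is chosen from the query string only.
// A form POST carries no subaction there, so every POST is checked as news.
function permFromGetOnly(array $get): string
{
    $sa = $get['sa'] ?? 'news';
    return SUBACTION_PERMS[$sa] ?? 'tp_news';
}

// Fail-closed variant: resolve the subaction once, from the place the request
// actually carries it, and return null (deny) when it is missing or unknown.
// The same resolved value must also select the handler that runs.
function permStrict(string $method, array $get, array $post): ?string
{
    $sa = ($method === 'POST') ? ($post['sa'] ?? null) : ($get['sa'] ?? null);
    $known = is_string($sa) && array_key_exists($sa, SUBACTION_PERMS);
    return $known ? SUBACTION_PERMS[$sa] : null;
}

function allowed(?string $perm, array $userPerms): bool
{
    return $perm !== null && in_array($perm, $userPerms, true);
}

// Constructed requests: both are form submissions with an empty query string.
$cases = [
    ['article editor saves an article', ['sa' => 'editarticle'], ['tp_articles']],
    ['news-only user saves settings',   ['sa' => 'settings'],    ['tp_news']],
];

foreach ($cases as [$label, $post, $userPerms]) {
    $old = allowed(permFromGetOnly([]), $userPerms);
    $new = allowed(permStrict('POST', [], $post), $userPerms);
    printf("%-32s get-only=%s strict=%s\n", $label,
        $old ? 'allow' : 'deny', $new ? 'allow' : 'deny');
}
```

The two constructed cases cover both halves of the report: the GET-only check rejects the legitimate article save and accepts the settings save from a user who only holds the news permission, while the strict check reverses both outcomes.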