[SOLVED] CMS user permissions not enforced

Help with getting the CMS CORE package up and running. This does not include 3rd party modules, PHP scripts, anything downloaded via module manager or from any external source.
Locked
martin42
Forum Members
Forum Members
Posts: 126
Joined: Sat Aug 20, 2005 11:35 pm

[SOLVED] CMS user permissions not enforced

Post by martin42 »

In case anyone has the same problem upgrading from a very old CMSMS, here's the solution.

Problem 1: My CMSMS site only had two users: an Editor and an Admin. The Editor had almost no permissions set up, yet he could do everything that the Admin could do.

Solution: SELECT * FROM cms_users; showed that my Editor user had user_id=1.  It turned out that user_id=1 and group_id=1 always have full admin rights in CMSMS (see check_permission() in /lib/page.functions.php), so the fix was to tweak the cms_users, cms_groups and cms_user_groups table data, such that only the admin account had user_id=1, group_id=1.

Problem 2: Installing the MenuManager module on 1.2.5 gave these errors in Postgres:

Code: Select all

	ERROR:  invalid input syntax for integer: "f"
	STATEMENT:  SELECT count(*) FROM cms_group_perms WHERE group_id = 'f' AND permission_id = '44'
	
	ERROR:  syntax error at or near "," at character 111
	STATEMENT:  INSERT INTO cms_group_perms (group_perm_id, group_id, permission_id, create_date, modified_date) VALUES (158, , 44, '2008-05-22 13:10:15', '2008-05-22 13:10:15')
	
	ERROR:  invalid input syntax for integer: "f"
	STATEMENT:  SELECT count(*) FROM cms_group_perms WHERE group_id = 'f' AND permission_id = '44'
	
	ERROR:  syntax error at or near "," at character 111
	STATEMENT:  INSERT INTO cms_group_perms (group_perm_id, group_id, permission_id, create_date, modified_date) VALUES (159, , 44, '2008-05-22 13:10:15', '2008-05-22 13:10:15')
Solution: It turned out that /modules/MenuManager/method.install.php assumes that the admin group is called Admin, and that there is a designer group called Designer.  So, the fix was to tweak cms_groups / cms_users / cms_user_groups accordingly.  To match the default setup on a clean CMSMS install, the cms_groups need to be group_id=1 "Admin", 2 "Editor", 3 "Designer". 

Cheers,

- Martin
Last edited by martin42 on Fri May 23, 2008 11:37 am, edited 1 time in total.
Top
Pierre M.

Re: [SOLVED] CMS user permissions not enforced

Post by Pierre M. »

Hello Martin,

Q1 : is P1 solved in 1.2.5 ?

Q2 : is it a bug against (1.2.5 shipped) MenuManager, which is 1.5 ? or against the core ?

Thank you for your already filed bug reports and diffs.

Pierre M.
Top
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm

Re: [SOLVED] CMS user permissions not enforced

Post by calguy1000 »

P1 is not really a bug, we need more information in the installer that the first account created will be an admin account and have all rights.

P2 is fixed in SVN and will be out with CMS 1.3
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Top
martin42
Forum Members
Forum Members
Posts: 126
Joined: Sat Aug 20, 2005 11:35 pm

Re: [SOLVED] CMS user permissions not enforced

Post by martin42 »

Yes, agree P1 is fine as long as it's documented.

Nice to hear P2 is fixed in 1.3.

Thanks!

- Martin.
Top
Pierre M.

Re: [SOLVED] CMS user permissions not enforced

Post by Pierre M. »

Thank you both for your answers and fixes.

Pierre
Top
Locked

Return to “[locked] Installation, Setup and Upgrade”