[SOLVED] CMS user permissions not enforced
Posted: Thu May 22, 2008 4:23 pm
In case anyone has the same problem upgrading from a very old CMSMS, here's the solution.
Problem 1: My CMSMS site only had two users: an Editor and an Admin. The Editor had almost no permissions set up, yet he could do everything that the Admin could do.
Solution: SELECT * FROM cms_users; showed that my Editor user had user_id=1. It turned out that user_id=1 and group_id=1 always have full admin rights in CMSMS (see check_permission() in /lib/page.functions.php), so the fix was to tweak the cms_users, cms_groups and cms_user_groups table data, such that only the admin account had user_id=1, group_id=1.
Problem 2: Installing the MenuManager module on 1.2.5 gave these errors in Postgres:
ERROR: invalid input syntax for integer: "f"
STATEMENT: SELECT count(*) FROM cms_group_perms WHERE group_id = 'f' AND permission_id = '44'
ERROR: syntax error at or near "," at character 111
STATEMENT: INSERT INTO cms_group_perms (group_perm_id, group_id, permission_id, create_date, modified_date) VALUES (158, , 44, '2008-05-22 13:10:15', '2008-05-22 13:10:15')
ERROR: invalid input syntax for integer: "f"
STATEMENT: SELECT count(*) FROM cms_group_perms WHERE group_id = 'f' AND permission_id = '44'
ERROR: syntax error at or near "," at character 111
STATEMENT: INSERT INTO cms_group_perms (group_perm_id, group_id, permission_id, create_date, modified_date) VALUES (159, , 44, '2008-05-22 13:10:15', '2008-05-22 13:10:15')
Solution: It turned out that /modules/MenuManager/method.install.php assumes that the admin group is called Admin, and that there is a designer group called Designer. So, the fix was to tweak cms_groups / cms_users / cms_user_groups accordingly. To match the default setup on a clean CMSMS install, the cms_groups need to be group_id=1 "Admin", 2 "Editor", 3 "Designer".
Cheers,
- Martin
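An added example, not part of the original post or of CMSMS itself: a small audit that lists which accounts receive full rights through the user_id=1 / group_id=1 rule described above and compares cms_groups with the default layout quoted in the post. The `username` and `group_name` columns, the in-memory SQLite database and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Default group layout the post gives for a clean CMSMS install.
EXPECTED_GROUPS = {1: "Admin", 2: "Editor", 3: "Designer"}

def implicit_admins(db):
    """Usernames that hold full rights regardless of assigned permissions:
    the account with user_id=1 and every member of group_id=1."""
    rows = db.execute(
        """SELECT u.username FROM cms_users u WHERE u.user_id = 1
           UNION
           SELECT u.username FROM cms_users u
           JOIN cms_user_groups ug ON ug.user_id = u.user_id
           WHERE ug.group_id = 1
           ORDER BY 1""").fetchall()
    return [r[0] for r in rows]

def unexpected_admins(db, intended_admins):
    """Implicit admins that are not on the list of intended administrators."""
    return sorted(set(implicit_admins(db)) - set(intended_admins))

def group_mismatches(db):
    """(group_id, expected_name, actual_name) where cms_groups differs from the default."""
    actual = dict(db.execute("SELECT group_id, group_name FROM cms_groups"))
    return [(gid, name, actual.get(gid))
            for gid, name in sorted(EXPECTED_GROUPS.items())
            if actual.get(gid) != name]

def sample_db():
    """Constructed rows reproducing the situation in the post (not a real dump).
    Column names username and group_name are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cms_users (user_id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE cms_groups (group_id INTEGER PRIMARY KEY, group_name TEXT);
        CREATE TABLE cms_user_groups (group_id INTEGER, user_id INTEGER);
        INSERT INTO cms_users VALUES (1, 'editor'), (2, 'admin');
        INSERT INTO cms_groups VALUES (1, 'Administrators'), (2, 'Editor');
        INSERT INTO cms_user_groups VALUES (1, 2), (2, 1);
    """)
    return db

if __name__ == "__main__":
    db = sample_db()
    print("implicit admins:  ", implicit_admins(db))
    print("unexpected admins:", unexpected_admins(db, ["admin"]))
    print("group mismatches: ", group_mismatches(db))
```

Running the same queries against a copy of the real database before an upgrade shows whether any low-privilege account sits on user_id=1 or in group_id=1.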