Textpattern CMS support forum
#1 2006-10-08 19:46:00
- anoke
- Archived Plugin Author
- Registered: 2006-04-15
- Posts: 152
Bug? 404 rc1 and permissions to modify articles
The following happened:
- fresh installation
- created a new staff writer
- admin posted a new article (so there were 2 articles by admin)
- staff writer tried deleting it
<code>
Notice: Undefined variable: ids in /var/textpattern/404rc1/textpattern/include/txp_list.php on line 384
Warning: join() [function.join]: Bad arguments. in /var/textpattern/404rc1/textpattern/include/txp_list.php on line 384
</code>
I get the same errors with an older 4.0.3 revision. (4.0-20060831 IIRC)
- staff writer was able to change section for the very article
- staff writer was able to change categories for the article
- staff writer was able to change commenting status
A suggestion btw – I’m using the following to show the checkbox on my installations:
<code>
($AuthorID == $txp_user or has_privs('article.delete')) ? fInput('checkbox', 'selected[]', $ID) : ' '
</code>
That way staff writers can’t even try doing such things. (not sure about that very privileges check – it was just a quick tweak)
Last edited by anoke (2006-10-08 19:48:30)
- When chickens are cold, they roost in trees; when ducks are cold, they plunge into water -
Re: Bug? 404 rc1 and permissions to modify articles
The notice/warning can be fixed by adding <code>$ids = array();</code> at the beginning of the list_multi_edit function.
The privileges check should probably be done similarly to what is done in the article_save function. There, it depends on the status of the article and on the permissions ‘article.edit.published’, ‘article.edit.published.own’, ‘article.edit’, ‘article.edit.own’ and for Status changes: ‘article.publish’.
[working on a patch]
Last edited by ruud (2006-10-08 21:24:58)
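An added example, not part of the original posts and not Textpattern's own code: a server-side filter for a multi-edit request that checks each selected article against the permissions named in the post above. The `has_privs()` stub, the helper names `can_modify_article()` and `filter_selected()`, the sample rows, the assumption that Status 4 and above means published, and the treatment of 'article.publish' as an extra requirement for status changes are all constructed for illustration.

```php
<?php
// Constructed privilege list standing in for the real privilege table (assumption).
$granted = array('article.edit.own', 'article.edit.published.own');

// Stub named after the has_privs() call quoted in the thread; not the real function.
function has_privs($res)
{
    global $granted;
    return in_array($res, $granted, true);
}

// Hypothetical helper: may $user modify this article row?
// Assumes Status >= 4 means the article is published.
function can_modify_article(array $row, $user, $changing_status = false)
{
    $own  = ($row['AuthorID'] === $user);
    $base = ($row['Status'] >= 4) ? 'article.edit.published' : 'article.edit';
    if (!has_privs($base) && !($own && has_privs($base.'.own'))) {
        return false;
    }
    // Assumption: a status change needs 'article.publish' on top of edit rights.
    return !$changing_status || has_privs('article.publish');
}

// Hypothetical filter: keep only the submitted IDs the user may act on.
function filter_selected(array $rows, array $selected, $user, $changing_status = false)
{
    $ids = array(); // initialised up front, so join() never receives an undefined variable
    foreach ($selected as $id) {
        $id = (int) $id;
        if (isset($rows[$id]) && can_modify_article($rows[$id], $user, $changing_status)) {
            $ids[] = $id;
        }
    }
    return $ids;
}

// Constructed sample rows keyed by article ID.
$rows = array(
    1 => array('AuthorID' => 'admin',  'Status' => 4),
    2 => array('AuthorID' => 'writer', 'Status' => 4),
    3 => array('AuthorID' => 'writer', 'Status' => 1),
);

// The staff writer submits their own articles, the admin's article and an unknown ID.
$allowed = filter_selected($rows, array('1', '2', '3', '99'), 'writer');
echo 'delete/edit allowed for: ', join(', ', $allowed), "\n";
$status = filter_selected($rows, array('2', '3'), 'writer', true);
echo 'status change allowed for: ', count($status), " article(s)\n";
```

Hiding the checkbox in the list view only changes what the form offers; a filter of this kind runs on the submitted IDs, so a hand-crafted request is held to the same rules.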
Re: Bug? 404 rc1 and permissions to modify articles
Patch sent to txp-dev.
@anoke, if you’re not subscribed to txp-dev and would still like to test the patch I sent in (it could really use some extensive testing), mail me.
Re: Bug? 404 rc1 and permissions to modify articles
Thanks ruud. Fixed in 1892.
#5 2006-10-09 16:22:12
- anoke
- Archived Plugin Author
- Registered: 2006-04-15
- Posts: 152
Re: Bug? 404 rc1 and permissions to modify articles
Yep – works nicely.