[#4073] - JAccess::checkGroup() doesn't work without an $asset
- Closed
- 6 Aug 2014
- Medium
- Build: staging
- # 4073
- Diff
- nikosdion:patch-1
- Success The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Executive summary
JAccess::checkGroup() does not work when the optional third argument $asset is not defined. This is in stark contrast with the docblock which states that it "Defaults to the global asset node."
Technical explanation
The root caused is a botched copy-pasted if-block spanning lines 144-147. It was copied from lines 101-104 except the last line $asset = $rootId was never copied. As a result, whenever $asset is empty we look into the #__assets table, get the root asset ID... and never use it. This causes null to always be returned, even if the given group does have the requested global privilege enabled.
The solution is to merely change line 144 from $rootId = $assets->getRootId(); to $asset = $assets->getRootId(); as it was intended.
Testing
Unless you are using the affected method in your own custom code you will not be able to reproduce this issue. Apparently everyone was avoiding to use checkGroup because it's buggy but nobody figured out why.
jissues-bot
- | Labels |
Added:
?
?
|
||
Would it make sense to change the line 103 as well?
$rootId = $assets->getRootId();
$asset = $rootId;
doesn't make much sense to me.$asset = $assets->getRootId(); looks much cleaner and would make consistent code.
@nikosdion what do you think?
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-08-06 05:39:10 |
Thanks!
Thanks @nikosdion this makes sense.
I have test this successful with a quick Dry run (called in german: Schreibtischtest) http://en.wikipedia.org/wiki/Dry_run_%28testing%29
I don't know if we can count it as a successful test as this is only theoretical and not the real code but it is successful and the change by @nikosdion makes absolute sense.