Make sure super admin is never locked out.

cdujeu · cdujeu · commit d119ff266164 · 2014-09-19T10:57:58.000+02:00
Role overriding seemed in the wrong order for shared users, to be verified
diff --git a/core/src/plugins/core.conf/class.AbstractAjxpUser.php b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
@@ -223,11 +223,11 @@ public function removeLock()
 
     public function getLock()
     {
+        if($this->isAdmin() && $this->getGroupPath() == "/") return false;
         if (!empty($this->rights["ajxp.lock"])) {
             return $this->rights["ajxp.lock"];
         }
         return $this->mergedRole->filterParameterValue('core.conf', 'USER_LOCK_ACTION', AJXP_REPO_SCOPE_ALL, false);
-        //return false;
     }
 
     public function isAdmin()
@@ -431,14 +431,14 @@ public function recomputeMergedRole()
             //... but we want the parent user's role, filtered with inheritable properties only.
             $stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser);
             if ($stretchedParentUserRole !== null) {
-                $this->parentRole = $this->parentRole->override($stretchedParentUserRole);
+                $this->parentRole = $stretchedParentUserRole->override($this->parentRole);  //$this->parentRole->override($stretchedParentUserRole);
                 // REAPPLY SPECIFIC "SHARED" ROLES
                 foreach ($this->roles as $role) {
                     if(! $role->autoAppliesTo("shared")) continue;
                     $this->parentRole = $role->override($this->parentRole);
                 }
             }
-            $this->mergedRole = $this->parentRole->override($this->personalRole);
+            $this->mergedRole = $this->personalRole->override($this->parentRole);  // $this->parentRole->override($this->personalRole);
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -223,11 +223,11 @@ public function removeLock()`
`223`	`223`
`224`	`224`	`public function getLock()`
`225`	`225`	`{`
	`226`	`+ if($this->isAdmin() && $this->getGroupPath() == "/") return false;`
`226`	`227`	`if (!empty($this->rights["ajxp.lock"])) {`
`227`	`228`	`return $this->rights["ajxp.lock"];`
`228`	`229`	`}`
`229`	`230`	`return $this->mergedRole->filterParameterValue('core.conf', 'USER_LOCK_ACTION', AJXP_REPO_SCOPE_ALL, false);`
`230`		`- //return false;`
`231`	`231`	`}`
`232`	`232`
`233`	`233`	`public function isAdmin()`
`@@ -431,14 +431,14 @@ public function recomputeMergedRole()`
`431`	`431`	`//... but we want the parent user's role, filtered with inheritable properties only.`
`432`	`432`	`$stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser);`
`433`	`433`	`if ($stretchedParentUserRole !== null) {`
`434`		`- $this->parentRole = $this->parentRole->override($stretchedParentUserRole);`
	`434`	`+ $this->parentRole = $stretchedParentUserRole->override($this->parentRole); //$this->parentRole->override($stretchedParentUserRole);`
`435`	`435`	`// REAPPLY SPECIFIC "SHARED" ROLES`
`436`	`436`	`foreach ($this->roles as $role) {`
`437`	`437`	`if(! $role->autoAppliesTo("shared")) continue;`
`438`	`438`	`$this->parentRole = $role->override($this->parentRole);`
`439`	`439`	`}`
`440`	`440`	`}`
`441`		`- $this->mergedRole = $this->parentRole->override($this->personalRole);`
	`441`	`+ $this->mergedRole = $this->personalRole->override($this->parentRole); // $this->parentRole->override($this->personalRole);`
`442`	`442`	`}`
`443`	`443`	`}`
`444`	`444`