When user/group permissions are reset, this is not reflected immediately to the end user #2584

Closed
YongBoLiu opened this issue Mar 29, 2019 · 1 comment

@YongBoLiu
Contributor

Describe the bug
A clear and concise description of what the bug is.
After changing a permission, it does not take effect immediately. You have to re-login to see it work.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Console -> user -> permission.
  2. Change some permissions and save.
  3. It will not take effect.
  4. You have to log out and then log in to see it work.

Expected behavior
A clear and concise description of what you expected to happen.
Permission changes take effect immediately, without needing to re-login.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [1.2.2]

Additional context
Add any other context about the problem here.

It is because user_perms_valid() always returns true. Details are below.

When logging in:
In the first call of user_perms_valid() in session 1, $_SESSION['sess_user_perms_key'] is NOT set yet, so it sets $_SESSION['sess_user_perms_key'] and returns true.

In the second call of user_perms_valid() in session 1, as $valid is set to true, $_SESSION['sess_user_perms_key'] is set to $valid and it returns true.

Then user_perms_valid() always returns true.

				if ($key != $_SESSION['sess_user_perms_key']) {
					$valid = false;
				}

Because

php -r "if('2292476146' != true) echo 'NOT'; else echo 'EQ';"

EQ

This also makes user_perms_valid() always return true when permissions are changed, because $_SESSION['sess_user_perms_key'] is true, which seems to equal any number.

The root cause, I think, is that we don't need to set $_SESSION['sess_user_perms_key'] to true when $valid is true. The fix is as below:

diff -u -N rtm/cacti/lib/auth.php rtm/cacti/lib/auth.php
--- rtm/cacti/lib/auth.php	2019-02-28 10:53:15.000000605 +0800
+++ rtm/cacti/lib/auth.php	2019-03-29 16:16:59.000000570 +0800
@@ -2566,7 +2566,6 @@
 		}
 	} else {
 		$valid = true;
-		$_SESSION['sess_user_perms_key'] = $valid;
 	}
 
 	return $valid;
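
Review bot: in the `else` branch, dropping the assignment stops new sessions from storing a boolean, but the comparison quoted earlier in the report (`$key != $_SESSION['sess_user_perms_key']`) is still loose, so a session that already holds `true` from before the patch keeps passing for any key until the user logs out. Consider `!==` in that comparison, or resetting a non-string stored value, so that existing sessions pick up permission changes as well.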

It works well in my env. Please confirm. Thanks.
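
The type-juggling behaviour reported above, as an added example that is not part of the original issue and is not Cacti's own code: a simplified model of the check with the loose comparison and the removed assignment, next to a variant that stores the key itself and compares strictly. The function names and control flow are assumptions modelled on the issue's description; `$before` reuses the value from the `php -r` demo and `$after` is constructed.

```php
<?php
// Added illustration; NOT Cacti's lib/auth.php. Function names, control flow
// and key values are assumptions modelled on the issue's description.

// "Before": loose comparison plus the assignment the patch removes.
function perms_valid_buggy(array &$session, string $key): bool
{
    if (!isset($session['sess_user_perms_key'])) {
        $session['sess_user_perms_key'] = $key;    // first call after login
        return true;
    }
    $valid = true;
    // Loose: bool true matches any non-empty string other than "0".
    if ($key != $session['sess_user_perms_key']) {
        $valid = false;
    }
    if ($valid) {
        $session['sess_user_perms_key'] = $valid;  // stores bool true, not the key
    }
    return $valid;
}

// "After": keep the key itself and compare strictly, so a stale or
// non-string stored value can never match.
function perms_valid_fixed(array &$session, string $key): bool
{
    $stored = $session['sess_user_perms_key'] ?? null;
    $session['sess_user_perms_key'] = $key;        // always remember the current key
    return $stored === null || $stored === $key;
}

// Sample keys: the permission key before and after an admin edit.
$before = '2292476146';   // value from the issue's php -r demo
$after  = '1111111111';   // constructed

foreach (['perms_valid_buggy', 'perms_valid_fixed'] as $fn) {
    $session = [];                                  // fresh login
    $results = [
        $fn($session, $before),                     // login request
        $fn($session, $before),                     // next request, same permissions
        $fn($session, $after),                      // request after permissions changed
    ];
    echo $fn, ': ', json_encode($results),
         ' stored=', var_export($session['sess_user_perms_key'], true), PHP_EOL;
}
```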

@netniV netniV changed the title from "Permission change not effect immediately because wrong in user_perms_valid()" to "When user permissions are reset, this is not reflected immediately to the end user" Mar 29, 2019
@netniV netniV changed the title from "When user permissions are reset, this is not reflected immediately to the end user" to "When user/group permissions are reset, this is not reflected immediately to the end user" Mar 29, 2019
@netniV netniV closed this as completed in d81746b Mar 29, 2019
@netniV netniV added bug Undesired behaviour resolved A fixed issue labels Mar 29, 2019
@netniV netniV added this to the v1.2.3 milestone Mar 29, 2019
@netniV netniV self-assigned this Mar 29, 2019
@netniV
Member

netniV commented Mar 29, 2019

This has now been committed to the development code.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 30, 2020