When upgrading from before 1.x, SuperLinks view permissions may not be correct

[ddb4github]

Describe the bug

1. Lost realm of "External Links" during Cacti upgrade from pre-1.0.0
2. Missed to remove obsoleted plugins realms from plugin_realms, including: settings, nectar, superlinks,

To Reproduce
Steps to reproduce the behavior:

1. Build Cacti 0.8.8 env with superlinks, settings, nectar plugins enabled
2. Access Console-->User Management-->admin(edit)
3. Make sure all permission is selected, and save
4. Upgrade to Cacti 1.2.4 by cli/upgrade_database.php
5. Check User-->Permission(Tab)
6. See error

[netniV]

That is interesting. I would have though someone else would have reported that by now given the 1.x lifetime. We will have to double check the upgrade code as I thought this was part of it.

[netniV]

for superlinks, the following code should be adjusting the realms as appropriate:

db_install_execute('DELETE FROM superlinks_auth WHERE pageid NOT IN(SELECT id FROM external_links)');
db_install_execute('INSERT INTO user_auth_realm (user_id, realm_id) SELECT userid, pageid+10000 FROM superlinks_auth');
db_install_drop_table('superlinks_auth');

This is found in the install/upgrades/1_0_0.php upgrade file.

[ddb4github]

above three lines upgrade permission of superlinks created tab, links, .... But not "External Links" that is like "Graphs, Devices"

[netniV]

I'm confused because Superlinks became External Links I believe.

[ddb4github]

"Superlinks" plugin permission is configured in table plugin_realms.

During upgrade, 1_0_0.php only handle "superlinks internal permission" from table 'superlinks_auth ' about "permission of superlinks created content".

• Before upgrade:
  

• After upgrade
  
  

• Whatever before/after upgade,

# mysql cacti -e "select * from plugin_realms where plugin='superlinks'"
+----+------------+---------------------+------------------------------------+
| id | plugin     | file                | display                            |
+----+------------+---------------------+------------------------------------+
| 12 | superlinks | superlinks.php      | Plugin -> SuperLinks: View Pages   |
| 13 | superlinks | superlinks-mgmt.php | Plugin -> SuperLinks: Manage Pages |
+----+------------+---------------------+------------------------------------+

[netniV]

Was there anything already populated in the external links table ? I notice that the first query is only checking that the external links id does not exist in superlinks, but I suspect it should also have the -1000 on it.

[netniV]

Wait, I may be missing that the External Links will have it's own realm anyway.

[netniV]

OK, to be clearer on this the security for the links are being transferred, but the manage permission for External Links is set to realm 24 but this is not being populated. I think we will need to update the 1_0_0.php upgrade file but it is unfortunately that any previous upgrade will have lost this permission.

[netniV]

Actually, my bad. External Links should be available to any user with access to a link. External Links is the ability to view the tab not the management of it. So, we will patch this in 1.2.5 to reapply that realm if they have access to a link.

[netniV]

I've submitted a change to the 1_0_0.php file that should rectify the upgrade. If you have already upgraded, it wouldn't be right to run this automatically since you could have adjusted the permissions already and this could have changed them without your knowledge if run in a later upgrade.

If you do need to grant view permissions to the external links tab for all users you can run:

REPLACE INTO user_auth_realm (user_id, realm_id) SELECT user_id, 24 AS realm_id FROM user_auth