The result of Rbac->Users->hasRole() is incorrect. #102
Comments
|
I believe you are correct.
… On Nov 29, 2017, at 1:14 AM, Jerry ***@***.***> wrote:
I want to use this Rbac->Users->hasRole() to check whether a User has a Role or not. But the result is true when I check a role which a User does not has it. I looked at the source code for this method and found a bug.
https://github.com/OWASP/rbac/blob/84d993cbc676a89ac33359b94fa2b90ff2519dbb/PhpRbac/src/PhpRbac/core/lib/rbac.php#L978-L983 <https://github.com/OWASP/rbac/blob/84d993cbc676a89ac33359b94fa2b90ff2519dbb/PhpRbac/src/PhpRbac/core/lib/rbac.php#L978-L983>
I think this should change to:
$R = Jf::sql ( "SELECT * FROM {$this->tablePrefix()}userroles AS TUR
JOIN {$this->tablePrefix()}roles AS TRdirect ON (TRdirect.ID=TUR.RoleID)
JOIN {$this->tablePrefix()}roles AS TR ON (TR.Lft BETWEEN TRdirect.Lft AND TRdirect.Rght)
WHERE
TUR.UserID=? AND TUR.RoleID=?", $UserID, $RoleID );
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <#102>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABVjW6wvQS2GEp0qNL-iqoaL7EoMbNuMks5s7PYrgaJpZM4QueK4>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I want to use this Rbac->Users->hasRole() to check whether a User has a Role or not. But the result is true when I check a role which a User does not has it. I looked at the source code for this method and found a bug.
rbac/PhpRbac/src/PhpRbac/core/lib/rbac.php
Lines 978 to 983 in 84d993c
I think this should change to:
The text was updated successfully, but these errors were encountered: