Workspace Permissions for a User not being enforced

[cuddles_the_monkey]

I have an issue regarding Workspace Permissions for a user, I will explain my problem below:

I am logged into OpenGoo as admin.  I go to 'Administration' and then 'Workspaces'.  Once there, I am presented with a list of Workspaces (shared and personal).  I click on 'Edit' next to 'Project 1' (this is the name of the main Workspace - not a personal one).  Once the 'Edit Workspace' screen appears, I click 'Edit Permissions', I then find the User I wish to assign permissions to and uncheck both 'Can read comments' and 'Can write comments'.  I then click 'Save Changes' and a message then tells me this was saved ok.

However, when I log in as that User and click on the shared Workspace called 'Project 1' and then click on a document, I can see all comments for this document!!  I can also see the 'Post Comments' form.  If I try to post a comment then the Loading icon appears and just stays there (doesn't do anything!).  If I check the 'og_comments' table in the database, I can see that the comment has been inserted into the table.

Basically, a user who should not be able to View/Post Comments is being allowed to do so, even though I am settings permissions for them not to do so.

Please help!!

[alvarotm01]

Hi,

this bug is fixed for next release,

thanks for reporting it!
greetings

[cuddles_the_monkey]

Thanks for the quick response!!  Which file was it that had the problem? if you could let me know where/what the probIem is then I can edit the PHP myself!!  Please!! 

[alvarotm01]

If you want to make the changes by yourself you must modify the file 'application\models\ProjectDataObject.class.php', delete the function 'canComment(...)' and paste this three functions

Code: [Select]

function canComment($user) {
return self::checkCommentsPermissions($user, ProjectUsers::CAN_WRITE_COMMENTS);
} // canComment

function canReadComments($user) {
return self::checkCommentsPermissions($user, ProjectUsers::CAN_READ_COMMENTS);
} // canReadComments

private function checkCommentsPermissions($user, $accesLevel) {
if(!$this->isCommentable()) return false;

if(!($user instanceof User) && !($user instanceof AnonymousUser)) {
throw new InvalidInstanceError('user', $user, 'User or AnonymousUser');
} // if

// Access permissions
if($user instanceof User) {
if($user->isAdministrator()) return true; // admins have all the permissions
$ws = $this->getWorkspaces();
$can = false;
foreach ($ws as $w) {
if($user->isProjectUser($w) && $user->getProjectPermission($w, $accesLevel)) {
$can = true;
}
}
if (!$can) return false;
} // if

if($this->columnExists('comments_enabled') && !$this->getCommentsEnabled()) return false;
if($user instanceof AnonymousUser) {
if($this->columnExists('anonymous_comments_enabled') && !$this->getAnonymousCommentsEnabled()) return false;
} // if
return true;
}

You also have to edit the file 'application\helpers\application.php' and overwrite the line 734 with this one

Code: [Select]

if(!$object->isCommentable() || !$object->canReadComments(logged_user())) return '';

By the way, we are planning to release a new version with some fixes (including this one) in a couple of days.

greetings

[cuddles_the_monkey]

thanks for this! You guys really are the best!!