From 0c8466fa930af95317b38aa565f71c8dd8ece61b Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Tue, 27 Jul 2021 13:28:41 +0200 Subject: [PATCH] RoleForm: Make sure to grant general module access... ...if full access is granted --- application/forms/Security/RoleForm.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php index 85b0278bd..f0a892da0 100644 --- a/application/forms/Security/RoleForm.php +++ b/application/forms/Security/RoleForm.php @@ -332,15 +332,24 @@ class RoleForm extends RepositoryForm } foreach ($this->providedPermissions as $moduleName => $permissionList) { + $hasFullPerm = false; foreach ($permissionList as $name => $spec) { if (in_array($name, $permissions, true)) { $values[$this->filterName($name)] = 1; + + if (isset($spec['isFullPerm'])) { + $hasFullPerm = true; + } } if (in_array($name, $refusals, true)) { $values[$this->filterName(self::DENY_PREFIX . $name)] = 1; } } + + if ($hasFullPerm) { + unset($values[$this->filterName(Manager::MODULE_PERMISSION_NS . $moduleName)]); + } } } @@ -376,10 +385,15 @@ class RoleForm extends RepositoryForm $refusals = []; foreach ($this->providedPermissions as $moduleName => $permissionList) { + $hasFullPerm = false; foreach ($permissionList as $name => $spec) { $elementName = $this->filterName($name); if (isset($values[$elementName]) && $values[$elementName]) { $permissions[] = $name; + + if (isset($spec['isFullPerm'])) { + $hasFullPerm = true; + } } $denyName = $this->filterName(self::DENY_PREFIX . $name); @@ -389,6 +403,11 @@ class RoleForm extends RepositoryForm unset($values[$elementName], $values[$denyName]); } + + $modulePermission = Manager::MODULE_PERMISSION_NS . $moduleName; + if ($hasFullPerm && ! in_array($modulePermission, $permissions, true)) { + $permissions[] = $modulePermission; + } } unset($values[self::WILDCARD_NAME]);