[Logo] JForum - Powering Communities
  [Search] Search   [Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Top Downloads] Top Downloads   [Members] Member Listing   [Groups] Back to home page 
[Moderation Log] Moderation Log   [Register] Register /  [Login] Login 


JForum 2.5.0 released, download it from here.
Calrification about permission check in canAccess() method  RSS feed
Forum Index » Developer Forum
Author Message
Mo3tazElHawary


Joined: 2014/11/11
Messages: 1
Offline
Hi,

I need a clarification about
@ net.jforum.repository.SecurityRepository
public static boolean canAccess(int userId, String roleName, String value) {
return (value != null ? pc.canAccess(roleName, value) : pc.canAccess(roleName)); <------
}
why if the (value == null ) , it calls ( pc.canAccess(roleName))
That causes a bug that if the user don't have a permission (like:perm_create_sticky_announcement_topics)on a forum (A) , but have it on another forum (B), he will get that permission on (A) too
 
Forum Index » Developer Forum
Go to:   
Mobile view
Powered by JForum 2.5.0 © 2018 JForum Team • Maintained by Andowson Chang and Ulf Dittmer