|
Hi,
I need a clarification about
@ net.jforum.repository.SecurityRepository
public static boolean canAccess(int userId, String roleName, String value) {
return (value != null ? pc.canAccess(roleName, value) : pc.canAccess(roleName)); <------
}
why if the (value == null ) , it calls ( pc.canAccess(roleName))
That causes a bug that if the user don't have a permission (like:perm_create_sticky_announcement_topics)on a forum (A) , but have it on another forum (B), he will get that permission on (A) too
|
![[Logo]](/templates/default/images/logo.jpg){kind=logo}
![[Search]](/templates/default/images/icon_mini_search.gif){kind=icon}
![[Recent Topics]](/templates/default/images/icon_mini_recentTopics.gif){kind=icon}
![[Groups]](/templates/default/images/icon_mini_groups.gif){kind=icon}
![[Register]](/templates/default/images/icon_mini_register.gif){kind=icon}
![[Login]](/templates/default/images/icon_mini_login.gif){kind=icon}
![[Post New]](/templates/default/images/icon_minipost_new.gif){kind=icon}
![[Up]](/templates/default/images/icon_up.gif){kind=icon}
