From 2544687b27119107a26f5c8518a0319a84c7b34e Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Tue, 2 Feb 2021 19:05:09 +0100
Subject: [PATCH] LSsession::checkAccess(): fix checking read right
---
 src/includes/class/class.LSsession.php | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/includes/class/class.LSsession.php b/src/includes/class/class.LSsession.php
index 519bd442..3d268d9e 100644
--- a/src/includes/class/class.LSsession.php
+++ b/src/includes/class/class.LSsession.php
@@ -2213,10 +2213,7 @@ class LSsession {
       self :: log_trace("canAccess($LSobject,$dn,$right,$attr): right detected = '$r'");
       if (($right=='r')||($right=='w')) {
-        if ($r==$right) {
-          return true;
-        }
-        return;
+        return self :: checkRight($right, $r);
       }
       else {
         if ( ($r=='r') || ($r=='w') ) {
@@ -2232,7 +2229,7 @@ class LSsession {
       if (($right=='r')||($right=='w')) {
         foreach($whoami as $who) {
           foreach ($attrs_conf as $attr_name => $attr_config) {
-            if (isset($attr_config['rights'][$who]) && $attr_config['rights'][$who]==$right) {
+            if (isset($attr_config['rights'][$who]) && self :: checkRight($right, $attr_config['rights'][$who])) {
               return true;
             }
           }
@@ -2251,6 +2248,20 @@ class LSsession {
     return;
   }
 
+  /**
+   * Check a requested right against maximum right of a user
+   * @param string $requested The requested right
+   * @param string $authorized The authorized maximum right
+   * @return boolean
+   */
+  public function checkRight($requested, $authorized) {
+    if ($requested == $authorized)
+      return true;
+    if ($requested == 'r' && $authorized == 'w')
+      return true;
+    return false;
+  }
+
   /**
    * Retourne le droit de l'utilisateur à editer à un objet
    *
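Review bot: `return self :: checkRight($right, $r);` invokes the new helper statically, but the third hunk declares it as a non-static `public function checkRight(...)`; if canAccess is itself static, as the neighbouring `self :: log_trace(...)` call suggests, that is a deprecation notice on PHP 7 and an `Error` on PHP 8, so the access check would abort with a fatal instead of returning a result. The second hunk makes the same static call on the attribute-level path. Declare the helper as `public static function checkRight($requested, $authorized) {` so both `self ::` call sites are valid regardless of calling context. canAccess begins before this hunk and continues past it, so I cannot confirm its own static-ness from here.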
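Review bot: checkRight compares the two rights with loose `==`, so any truthy non-string value reaching `$authorized` (for example a boolean `true` in the per-attribute `rights` configuration that the second hunk passes in unfiltered) compares equal to both `'r'` and `'w'` and grants whatever was requested. Since only `'r'` and `'w'` carry meaning in this method, the safer shape is to accept only those two values for `$authorized`, compare strictly, and make that contract explicit in the docblock: `@return bool true only when $authorized is 'r' or 'w' and is at least as permissive as $requested`. The rewrite below keeps the signature and the r-implied-by-w semantics the commit introduces.
```php
  public function checkRight($requested, $authorized) {
    // Only the two known right values can grant anything; null, false,
    // true or an unexpected string is treated as "no right".
    if ($authorized !== 'r' && $authorized !== 'w')
      return false;
    if ($requested === $authorized)
      return true;
    // Write access implies read access; nothing else is implied.
    return ($requested === 'r' && $authorized === 'w');
  }
```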