The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Permissions
#1
having some issue with permission , not sure if im doing it wrong or actual bug.
just created userspice with 4.3.5

made page call test.php - located outside of /users . thus on root of site.

<?php
require_once 'users/init.php';
require_once $abs_us_root.$us_url_root.'users/includes/header.php';
require_once $abs_us_root.$us_url_root.'users/includes/navigation.php';
?>

<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
<?php
//PHP Goes Here!
?>
<div id="page-wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-sm-12">
<h1>This is the main content section</h1>

<?php if($user->isLoggedIn()){
$user_id = $user->data()->id;
// echo $user_id;
if (hasPerm([1],$user_id))
{
echo "<br> Has user access <br>";
}
if (hasPerm([2],$user_id))
{
echo "<br> Has admin access <br>";
}
if (hasPerm([3],$user_id))
{
echo "<br> Has expiremental access <br>";
}
if (hasPerm([4],$user_id))
{
echo "<br> Has none exisiting group access <br>";
}
}
else
{
echo " please login ";
}
?>
</div> <!-- /.col -->
</div> <!-- /.row -->
</div> <!-- /.container -->
</div> <!-- /.wrapper -->


<!-- footers -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>

<!-- Place any per-page javascript here -->

<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>

i set page permission to group 3 . ie no admin selected.

when i visit the page as admin i get . all 4 echo statements.
group 4 does not exist.

what i wanted to is to show some content based on level . ie on the page can read <p>1 </p> if basic user, can continue to read <p>2 </p> if experimental user . etc . so not separate pages but restrict part of page based on access level .

actual site sms.an-holdings.com/app/V2/test.php
  Reply
#2
I pulled my hair out on this a little bit, but I think I figured out what's going on.

It's not the fact that you're logging in as admin, it's the fact that you're login in as the user with the id of 1.

There is an anti lockout rule that prevents user 1 from getting locked out of any page in userspice. I'm guessing if you make another user and give them admin access and login as them, the page will work as expected.
  Reply
#3
Additionally, anyone within the master account array has unrestricted access. hasPerm and checkMenu will always return true if within the master account array.
  Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)