Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Do
-
3.1.0-dev
-
None
-
None
-
None
Description
acl_getf_global does not check the global permission setting if a local option does exist.
This causes some unexpected issues because of inconsistent use of acl_getf_global.
Some places check acl_get and acl_getf_global, which together check all local forums and the global setting, but others just check acl_getf_global (probably because it was thought that it would return true if they had that global permission setting set).
An example of the inconsistency is the U_MCP link and the mcp.php page, U_MCP checks both for m_ and mcp.php checks acl_getf_global for m_. So if the user does not have any local moderator permissions set, but global ones, they can see the U_MCP link, but not actually go to the mcp.php because of a not authorized error.
So the options are:
Change acl_getf_global to always check global permissions, even if local permissions exist.
Check and change all uses of acl_getf_global to make sure they also check acl_get for the global setting.
I believe the first option would be the expected behavior, since a global setting of yes means they have permission in all locals.