You are not authorized to view this resource

Myles · 27.07.2004, 16:58

Ok check this out....

I installed party staff and set it to public access for viewing and then added the "update details" menu item for registered users to update their details using the party staff extended features.

Now when you are a public user and want to look at the "full details" of a staff member on the party staff component you get the message "You are not authorized to view this resource".

So I hunted around for the little bugger of a function that was doing this and I found a possible bug.

The function I found was not part of party staff at all. It was in the "<mabo root>/classes/mambo.php". The function is called "mosMenuCheck".

Now what happened was that there were two items in the "mos_menu" table that linked to the "com_partystaff" component (this can be seen in the "link" column). The SQL in the "mosMenuCheck" function would select all the items in the "mos_menu" table that had the word "com_partystaff" in the "link" column.

Because one of these items was for "registered" and the other was for "public" the code in this function selected the last entry in the result set and this result was the "registered" access row. This then made the "You are not authorized to view this resource" message come up on the party staff "full details" page when it should have let you see it.

This is how I fixed it...

PHP Code:

  /**

* Checks whether a menu option is within the users access level

* @param int Item id number

* @param string The menu option

* @param int The users group ID number

* @param database A database connector object

* @return boolean True if the visitor's group at least equal to the menu access

*/

function mosMenuCheck( $Itemid, $menu_option, $task, $gid ) {

    global $database;

    $dblink="index.php?option=$menu_option";

    if ($Itemid!="" && $Itemid!=0) {

        $database->setQuery( "SELECT access FROM #__menu WHERE id='$Itemid' And type<>'url'" );

    } else {

        if ($task!="") {

            $dblink.="&task=$task";

        }

        $database->setQuery( "SELECT access FROM #__menu WHERE link like '$dblink%' And type<>'url'" );

    }

    $results = $database->loadObjectList();

    $access = 0;

    //echo "<pre>"; print_r($results); echo "</pre>";

    foreach ($results as $result) {

        $access = max( $access, $result->access );

    }

    return ($access <= $gid);

}

Basically I just got it to ignore the "URL" type in the menu as the "component" type is more likley how we want it to work.

Hope this is usefull to someone.

Laters

nascent · 15.08.2004, 18:21

Just wanted to say thanks Myles.

I was looking for ages to find what was causing the problem and you hit it in one.

Cheers
n

Myles · 08.09.2004, 23:06

Hey, no problem mate.

Glad it was of some help to you.

raydar · 11.09.2004, 18:37

Thanks Myles! I had just ran into this problem. You might want to post it as a bug and a fix to the Mambo team.

Again thanks.

Myles · 12.09.2004, 19:48

I thought they would read this forum LOL

Where would I go to send a fix then?

Caygill · 26.09.2004, 20:11

Gee, thanks Myles!
First time I actually found directly a solution to an issue!!!
Make this sticky.

demito · 15.10.2004, 17:49

i've got some problems with my loudmouth...
A Big thanks

demito · 23.10.2004, 07:17

when use this hack, my loudmouth works fine but my pms not accessible, even if when my user login

fly476 · 05.11.2004, 02:25

Hey guys,

Im not a PHP prorgamer so i dont understand thew code stuff (im trying to learn) how can i fix my problem. it seems the same as you have described above. any help would be appriciated

VicentGiner · 30.11.2004, 17:43

Hello!

I also have similar problems with my Mambo. I'm usig version 4.5.0 (1.0.9).

So, my question is this: Is that bug and that "patch" related with my Mambo version?

Thank you in advance.