403 forbidden on version editing
Closed this issue · 6 comments
When trying to reach the "edit" link of one of the plugins I created under Booster, I am led to a "403 forbidden".
This should not happen.
I think you're trying to edit a version that is not yet moderated.
So the message should be smoother and less restrictive.
So I suspect a bad check.
Have to see that.
Just FYI, this was not a not-yet-moderated version (don't even know if there is a link for non-moderated versions ...).
All my versions are now moderated and I still have the same issue.
I suppose there is Acl2 under the hood and I do not have the correct rights automatically ...
I've been looking at the code and it seems indeed that a user (admins or so) can have edit rights on all versions, but there are no user-scale rights about editing.
Or maybe, in several places, we have code like:
$user_id != jAuth::getUserSession()->id or ! jAcl2::check('booster.edit.version')
whereas it should be:
$user_id != jAuth::getUserSession()->id
and ! jAcl2::check('booster.edit.version')
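
The two deny conditions quoted in the comment above, modeled side by side as an added example (not part of the original thread or of Booster's code). The function names, user ids and the `$hasRight` flag, which stands in for the result of `jAcl2::check('booster.edit.version')`, are assumptions made for illustration:

```php
<?php
declare(strict_types=1);

// Constructed model of the two deny conditions quoted in the thread.
// $hasRight stands in for jAcl2::check('booster.edit.version'); the function
// names and user ids below are hypothetical.

function deniedWithOr(int $ownerId, int $sessionId, bool $hasRight): bool
{
    // 403 unless the user is the owner AND holds the right.
    return ($ownerId != $sessionId) or (!$hasRight);
}

function deniedWithAnd(int $ownerId, int $sessionId, bool $hasRight): bool
{
    // 403 only when the user is neither the owner nor a holder of the right.
    return ($ownerId != $sessionId) and (!$hasRight);
}

// Constructed cases: [label, owner id, session user id, has ACL right]
$cases = [
    ['owner without ACL right',   7, 7, false],
    ['owner with ACL right',      7, 7, true],
    ['other user with ACL right', 7, 9, true],
    ['other user without right',  7, 9, false],
];

printf("%-28s %-10s %-10s\n", 'case', 'or-form', 'and-form');
foreach ($cases as [$label, $owner, $session, $right]) {
    printf(
        "%-28s %-10s %-10s\n",
        $label,
        deniedWithOr($owner, $session, $right) ? '403' : 'allowed',
        deniedWithAnd($owner, $session, $right) ? '403' : 'allowed'
    );
}
```

The first row is the situation reported in this issue: an owner with no ACL entry is refused by the `or` form. The `and` form lets that owner through, and it also lets any holder of `booster.edit.version` edit every version, so that right should only be granted to moderator or admin groups.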
The issue is in the jAcl2 migration I made,
here: https://github.com/foxmask/Booster/blob/master/booster/modules/booster/install/install.php
I should do a createUser before the addUserToGroup so all the jAcl2 tables will be populated.
I've made the change you suggested.
Can you give it a try? If it's OK I'll commit and push.
It's OK, but I still have to deal with this issuecomment-2295668