View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0001249 | v3.0 Release | [All Projects] General | public | 2013-02-25 06:40 | 2013-08-28 11:17 | ||||
Reporter | carlosazevedo | ||||||||
Assigned To | caseydk | ||||||||
Priority | normal | Severity | major | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Product Version | |||||||||
Target Version | Fixed in Version | 3.0.0 | |||||||
Summary | 0001249: Administrators can't add users. | ||||||||
Description | Whenever I try to create a user, as an administrative user (including the default admin), I get the following error: Access Denied You have attempted to access an item in web2Project without the sufficient permissions to do so. Please contact the web2Project System Administrator. Nevertheless the row with the users' info is created in the 'users' table. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files |
carlosazevedo (reporter) 2013-02-25 07:16 Last edited: 2013-02-25 08:13 |
The Apache log shows the error:

```
[Mon Feb 25 16:14:00 2013] [error] [client 127.0.0.1] C:\\wamp\\www\\web2project3\\classes\\w2p\\Database\\Query.class.php(1137): query failed(INSERT INTO `user_preferences`(`pref_user`,`pref_name`,`pref_value`) VALUES ('50','TASKSEXPANDED','0')) - error was: <span style="color:red">Duplicate entry '50-TASKSEXPANDED' for key 'PRIMARY'</span>, referer: http://localhost/web2project3/index.php?m=admin&a=addedituser
```

This error is generated inside the hook_postStore method. This is the backtrace displayed on screen:

```
ERROR: /home/ctrpt/public_html/web2project3/classes/w2p/Database/Query.class.php(1137) : query failed(INSERT INTO `user_preferences`(`pref_user`,`pref_name`,`pref_value`) VALUES ('50','TASKSEXPANDED','0')) - error was: Duplicate entry '50-TASKSEXPANDED' for key 'PRIMARY'
Backtrace:
0 /home/ctrpt/public_html/web2project3/classes/w2p/Database/Query.class.php:1137 dprint()
1 /home/ctrpt/public_html/web2project3/modules/admin/users.class.php:107 exec()
2 /home/ctrpt/public_html/web2project3/classes/w2p/Core/BaseObject.class.php:734 hook_postStore()
3 /home/ctrpt/public_html/web2project3/classes/w2p/Core/Dispatcher.class.php:93 publish()
4 /home/ctrpt/public_html/web2project3/classes/w2p/Core/BaseObject.class.php:349 publish()
5 /home/ctrpt/public_html/web2project3/modules/admin/users.class.php:81 store()
6 /home/ctrpt/public_html/web2project3/modules/admin/do_user_aed.php:67 store()
7 /home/ctrpt/public_html/web2project3/index.php:243 require()
```
carlosazevedo (reporter) 2013-02-26 01:18 Last edited: 2013-02-26 07:01 |
Actually, these are symptoms of two separate bugs; under circumstances I have yet to find out, the 'user_preferences' table ends up with rows for the TASKEXPANDED preference with the 'pref_user' column set to both null and to '0' (one of each). When the hook_postStore method loads the default preferences using a 'where' clause set to 0 (numeric), both rows are loaded and then their insertion is attempted and fails. The other bug is that whenever the default user preferences are stored, a numeric 0 is stored into 'pref_user' but MySQL (or PHP) converts that into a null value. So the 'pref_user' column ends up empty instead of having a '0' in it. By typecasting the $pref_user variable in the do_preference_aed.php file into a string, that is avoided. The line should read: `$obj->pref_user = (string)$pref_user;` Also, setting and filtering varchar fields with numeric values is dangerous, as indicated in the MySQL bug report: http://bugs.mysql.com/bug.php?id=52155 |
carlosazevedo (reporter) 2013-02-26 06:33 |
I've finally found the bug: If a user is created with the same email address as that of another one, the 'canCreate' method of the 'CContact' class will return false while storing an error message in the class object. This method is called inside the 'w2p_Core_BaseObject' class' 'store' method to check for insert permissions. Since the method returns false, the insert is not performed, which is what happens when storing the contact information for the new user. Therefore no row is inserted into the 'contacts' table, making the new user invisible (it does not appear on the user list because it must have a contact row to do so due to a join clause). When the 'view' operation is executed after (half-)creating the new user, it bombs with a permission error because the new user id is not found on the user list and so the permission test for the 'view' op fails. What should happen would be an error message being displayed when an already existing email is input in the email field of a new user. |
carlosazevedo (reporter) 2013-02-26 07:00 |
After looking some more at the code, the problem is at the line: `$result = ('' == $result) ? true : $result;` in the 'store' method of the 'w2p_Core_BaseObject' class. If the $result variable contains a boolean false it will match the comparison with an empty string, thereby being reverted to a boolean true. Since I can't see how the $result variable can change to an empty string, this seems to be a 'left-over' bug. Removing the line solves the problem and the proper error message is displayed. |
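
The fail-open behaviour described in the note above, reduced to a stand-alone script. This is an added example, not web2Project code: `canCreateContact`, `store`, the `normalise*` helpers and the sample email address are hypothetical stand-ins, and the strict (`===`) variant is an assumed alternative shown next to the fix the note describes (removing the line).

```php
<?php
// Constructed example: names and data below are hypothetical, not web2Project code.

// Stand-in for a permission check such as canCreate(): false means "denied".
function canCreateContact(string $email, array $existing): bool
{
    return !in_array($email, $existing, true);
}

// The normalisation quoted in the note. With ==, boolean false equals '',
// so a denial is rewritten to true.
function normaliseLoose($result)
{
    return ('' == $result) ? true : $result;
}

// Assumed alternative: === only matches a real empty string.
function normaliseStrict($result)
{
    return ('' === $result) ? true : $result;
}

// Simplified store(): skip the insert when the check fails, then report.
function store(string $email, array &$table, callable $normalise)
{
    $result = canCreateContact($email, $table);
    if ($result) {
        $table[] = $email;
    }
    return $normalise($result);
}

$contacts = ['admin@example.test'];  // constructed sample row
$variants = [
    'loose (==)'   => 'normaliseLoose',
    'strict (===)' => 'normaliseStrict',
    'line removed' => fn($r) => $r,   // the fix described in the note
];

foreach ($variants as $label => $normalise) {
    $reported = store('admin@example.test', $contacts, $normalise);
    printf("%-13s store() reports %s, rows in table: %d\n",
        $label, var_export($reported, true), count($contacts));
}
```

Only the loose variant reports success for a write that was refused, which is the half-created state the notes describe: the caller proceeds as if the contact row existed.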
caseydk (administrator) 2013-02-26 21:10 |
Resolved: https://github.com/caseysoftware/web2project/commit/711894e97c2b6fa7c7f9d7143ec6cf3bb34840c8 https://github.com/caseysoftware/web2project/commit/1f0ed392f7d39adf5b9fbfebe3ede860a5b36fa1 |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-02-25 06:40 | carlosazevedo | New Issue | |
2013-02-25 07:16 | carlosazevedo | Note Added: 0002796 | |
2013-02-25 07:30 | carlosazevedo | Note Edited: 0002796 | |
2013-02-25 08:13 | carlosazevedo | Note Edited: 0002796 | |
2013-02-26 01:18 | carlosazevedo | Note Added: 0002797 | |
2013-02-26 06:33 | carlosazevedo | Note Added: 0002798 | |
2013-02-26 06:34 | carlosazevedo | Note Edited: 0002797 | |
2013-02-26 07:00 | carlosazevedo | Note Added: 0002799 | |
2013-02-26 07:01 | carlosazevedo | Note Edited: 0002797 | |
2013-02-26 21:10 | caseydk | Note Added: 0002801 | |
2013-02-26 21:10 | caseydk | Status | new => resolved |
2013-02-26 21:10 | caseydk | Resolution | open => fixed |
2013-02-26 21:10 | caseydk | Assigned To | => caseydk |
2013-08-28 11:14 | caseydk | Fixed in Version | => 3.0.0 |
2013-08-28 11:17 | caseydk | Status | resolved => closed |