• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
    • Forum
    • Wiki
    • Support
      • Manage Subscriptions
      • FAQ
      • Support For
        • VaultWiki 4.x Series
        • VaultWiki.org Site
    • What's New?
    • Buy Now
    • Manual
    • 
    • Support
    • VaultWiki 4.x Series
    • Bug
    • Check that Permissions Cascade as Expected

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    Issue: Check that Permissions Cascade as Expected

    • Issue Tools
      • View Changes
    1. issueid=3011 April 9, 2013 2:25 PM
      pegasus pegasus is offline
      VaultWiki Team
      Check that Permissions Cascade as Expected
      I have a feeling masks may not be applied correctly, and I'm pretty sure Infraction groups are not being used.
      This is not enough to create an XSS hole, since the user would have had to have permissions to execute XSS to begin with.
      Still permissions should cascade as expected to avoid surprises and head-bashing.

      1. Default all permissions to "No".
      2. Does the user have an Access Mask or Moderator Permissions for the current forum?
        1. If yes, use the permissions exactly as set in this Mask, and exit.
        2. If no, then 3.
      3. Does the user have an Access Mask or Super-Moderator Permissions for the entire forum?
        1. If yes, use the permissions exactly as set in this Mask, and exit.
        2. If no, then 4.
      4. For each user-group the user is in:
        1. Does this group have custom permissions for the current forum?
          1. If yes, apply the "Yes" values for the current forum.
          2. If no, does this group have custom permissions for a parent forum?
            1. If yes, apply the "Yes" values from the parent forum.
            2. If no, apply the "Yes" values from the group's main Usergroup Permissions.
      5. If the user has more groups, repeat step 4.
      6. For each infraction group the user is in (based on infraction points):
        1. Apply the "No" values, overwriting any conflicting "Yes" values.
      7. If the user has more infraction groups, repeat step 6.
    Issue Details
    Issue Number 3011
    Issue Type Bug
    Project VaultWiki 4.x Series
    Category Permissions / Security
    Status Fixed
    Priority 3 - Loss of Functionality
    Affected Version 4.0.0 Alpha 5
    Fixed Version 4.0.0 Alpha 6
    Milestone VaultWiki 4 Alpha X
    Software DependencyAny
    License TypePaid
    Users able to reproduce bug 0
    Users unable to reproduce bug 0
    Attachments 0
    Assigned Users (none)
    Tags (none)




    1. April 9, 2013 4:41 PM
      pegasus pegasus is offline
      VaultWiki Team
      Fixed in the next release. Infraction groups will be calculated as expected.

      Additionally the code design in vw_Permissions_Model has changed. Rather than a single loop, multiple loops are used, which should improve reliability when different precedences are involved (e.g. masks versus a customized group).
      Reply Reply  
    + Reply

    Assigned Users
    Loading Please Wait
    Tags
    Loading Please Wait
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 9:01 AM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2025 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.