Thread: Add-On Releases - PS - HelpCenter
View Single Post
  #758  
Old 01-30-2009, 12:55 PM
inciarco's Avatar
inciarco inciarco is offline
 
Join Date: Mar 2007
Posts: 758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Vaupell View Post
tested this with a normal user i cannot edit tickets when i change the url

i can reply with a new msg and i can attach stuff
but i cannot edit existing threads in the tickets.

But if im on any moderator,supmod or admin i can edit them all.

Feel free to test, the first 3 tickets are tests
user :
Code:
 vbetest
pass :
Code:
 test
that user is a normal "registered" usergroup with wery limited forum acces
but got acces to helpcenter.



Ewen if i try to enter the Closeticket or editticket in the url
helpcenter.php?do=closeticket&tid=3 It just says you dont have acces
helpcenter.php?do=editticket&tid=3 It just says you dont have acces

as im concerned it works fine, only two problems
- private tickets ARE NOT PRIVATE.
- anyone can reply to tickets.
You Haven't Set Premissions for that Test Usergroup to Edit/Open/Close/Delete Tickets, that's why they can't do those Actions Not Even with Their Own Tickets. (I've done the Exercise with a Test User http://www.evisystems.org/forums/hel...o=ticket&tid=4 and that's why the Dropdown Menu that Shoul Appear at the Right of the Ticket doesn't Appear.

Do the Exercise EXACTLY as I Wrote in my Message, setting the Permissions EXACTLY as I've Described, do the Exercise, and You'll see yourself Editing/Deleting/Closing/Opening the Tickets of Any Other User (Even Admins).

I Keep my Conclusions as I mentioned them in my Last Reply, a HUGE BUG and Privacy Problem with the Ticket Info of other Users (Anybody can Edit/Delete/Open/Close Anybodies's Tickets if you set to YES the Options to Edit/Delete/Open/Close Tickets, Not ANY Ticket, just Tickets, because the ANY Tickets Function is Not in Use and the Edit/Delete/Open/Close Tickets is Working as ANY Tickets).

(Read my Other Posts in this Thread, I Reported that Bug many Months Ago but only in my Last Post I decided to Describe the Exact Process so that Anybody can Test and Know Exactly the Problem).

Other BUG, (but that would be workable if the other Bug weren't Happening) is that if you Set to YES the Permissions to Edit/Delete/Open/Close Tickets, you'll see the Dropdown Menu for those Options in ALL Tickets, and this should only be Displayed in the Tickets you can Perform Actions With.

My Best Regards.

Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01285 seconds
  • Memory Usage 1,773KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete