If a role does not have any permissions set, it prevents other roles (that come after it in alphabetical order) from having their permissions set correctly.

To test setup an 'aardvark' role and don't assign it any permissions.

Line 197 in secure_permissions_build_permissions() appears to be at fault. It stops it looping if a role has doesn't have any permissions set.

CommentFileSizeAuthor
#7 secure_permissions-permissions-not-set-bug-1406892-d7-7.patch921 bytesXen
#6 secure_permissions-permissions-not-set-bug-1406892-d7-6.patch1.38 KBkasperg
#2 secure_permissions-permissions-not-set-bug-1406892.patch1.42 KBtunny
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
CreditAttribution: agentrickard commented
Priority: Critical » Normal

Since this can be mitigated (by setting a permission), I don't see it as critical.

I wrote this module to prove a point. It needs a new maintainer.

Patches welcome.

tunny’s picture

tunny CreditAttribution: tunny commented
FileSize
secure_permissions-permissions-not-set-bug-1406892.patch1.42 KB

Patch attached.

This works for me. However it will need double checking.

If a role isn't defined in the exported settings, it will now lose all its permissions. Is this correct behaviour?

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
CreditAttribution: agentrickard commented
Status: Active » Needs review

Probably. Given that exporting an empty role would be a destructive act.

mikebell_’s picture

mikebell_ CreditAttribution: mikebell_ commented

We've been using this in production for a few months now without any issues.

If someone else wants to review then I'll commit it.

Cameron Tod’s picture

Cameron Tod CreditAttribution: Cameron Tod commented
Status: Needs review » Reviewed & tested by the community

Patch looks fine to me.

kasperg’s picture

kasperg CreditAttribution: kasperg commented
FileSize
secure_permissions-permissions-not-set-bug-1406892-d7-6.patch1.38 KB

Ran into the same problem for the Drupal 7 1.5 version of the module.

Here is a patch for that.

Xen’s picture

Xen CreditAttribution: Xen commented
FileSize
secure_permissions-permissions-not-set-bug-1406892-d7-7.patch921 bytes

Typo in previous patch, this fixes that.

ultimateboy’s picture

ultimateboy CreditAttribution: ultimateboy commented
Version: 6.x-1.6 » 7.x-1.x-dev
Status: Reviewed & tested by the community » Fixed

Thanks all. Committed to 7.x.

http://drupalcode.org/project/secure_permissions.git/commit/f72dc8c631f7...

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.