diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2008-06-08 12:10:51 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2008-06-08 12:10:51 +0200 |
| commit | 34aeb4af497a734c76369e97747f45b938cc527e (patch) | |
| tree | bf5734b4eedf0254efefebdc9c5b6ce54025253f | |
| parent | b312ac050bd5bf1498dc74b918b430acb116eaf9 (diff) | |
| download | rpg-34aeb4af497a734c76369e97747f45b938cc527e.tar.gz rpg-34aeb4af497a734c76369e97747f45b938cc527e.tar.bz2 | |
check ACLs correctly if only groups but no user is given FS#1415
When only an array of groups but no username where passed to auth_aclcheck()
it defaulted to use the @ALL group only. This is not critical because this
does not happen anywhere in the code.
Only exception is when building the plain english explanation of an ACL rule
in the ACL manager.
darcs-hash:20080608101051-7ad00-0abd42f84c04473ad4fca149893a1b4d931ece48.gz
| -rw-r--r-- | inc/auth.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/inc/auth.php b/inc/auth.php index a71a5aa86..9164522bf 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -423,11 +423,11 @@ function auth_aclcheck($id,$user,$groups){ $ns = getNS($id); $perm = -1; - if($user){ + if($user || count($groups)){ //add ALL group $groups[] = '@ALL'; //add User - $groups[] = $user; + if($user) $groups[] = $user; //build regexp $regexp = join('|',$groups); }else{ |