[SOLVED] Permission to open a project with search panel

by **Remiguel** » 07.10.2014, 11:00

With collabtive 2.0, when an user is looking up a project with the search panel, projects are returned correctly, but users are not allowed to open them

: Error.JPG (10.23 KiB) Viewed 10533 times

Which template is responsible to filter this permission?

by **Remiguel** » 08.10.2014, 16:45

I have done a quick comparison between Collabtive 1.2 and 2.0 in term of how they handle the search results

Collabtive 1.2
Project => manageproject.php?action=showproject&id=
Milestones => managemilestone.php?action=showmilestone&msid=
Tasks => managetask.php?action=showtask&tid=

Collabtive 2.0
Project => managefile.php?action=downloadfile&id=
Milestones => managefile.php?action=downloadfile&id=
Tasks => managefile.php?action=downloadfile&id=

With Collabtive 2.0 we are requesting to download elements (instead of showing them) , where it is obviously not allowed.
I guess the template search.tpl has to be modified :roll:

by **Eva** » 09.10.2014, 21:44

Thx, Remiguel, for pointing out the places which needed to be fixed.

Here is the corrected code for the file search.tpl (just replace the whole file):

Code: Select all: {include file="header.tpl" jsload="ajax" jsload3="lightbox"} {include file="tabsmenue-desk.tpl"} <div id="content-left"> <div id="content-left-in"> <div class="neutral"> <h1>{#search#}</h1> <div class="headline"> <a href="javascript:void(0);" id="block_tags_toggle" class="win_block" onclick="toggleBlock('block_tags');"></a> <h2> <img src="./templates/{$settings.template}/theme/{$settings.theme}/images/symbols/search.png" alt="" />{#results#} ({$num}) </h2> </div> <div id="block_tags" class="blockwrapper"> <div class="contenttitle"> <div class="contenttitle_menue"> {* space for tool below title icon *} </div> <div class="contenttitle_in"> {* space for header info *} </div> </div> <div class="content_in_wrapper"> <div class="content_in_wrapper_in"> <div class="inwrapper"> <ul> {section name=obj loop=$result} <li> <div class="itemwrapper" id="iw_{$folders[fold].ID}"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td class="leftmen" valign="top"> <div class="inmenue"> {if $members[member].avatar != ""} <a class="more" href="javascript:fadeToggle('info_{$members[member].ID}');"></a> {/if} </div> </td> <td class="thumb"> {if $result[obj].type == "file"} <a style="top:-33px;" href="managefile.php?action=downloadfile&id={$result[obj].project}&file={$result[obj].ID}" {if $result[obj].imgfile == 1} rel="lytebox[]" {elseif $result[obj].imgfile == 2} rel="lyteframe[text]" rev="width:650px;height:500px;" {/if}> <img src="templates/{$settings.template}/theme/{$settings.theme}/images/symbols/{$result[obj].icon}" alt="" /> {else} <a href="{$result[obj].url}" title="{$result[obj].name}"> <img src="templates/{$settings.template}/theme/{$settings.theme}/images/symbols/{$result[obj].icon}" alt="" /> </a> {/if} </td> <td class="rightmen" valign="top"></td> </tr> <tr> <td colspan="3"> <span class="name"> {if $result[obj].type == "file"} <a href="managefile.php?action=downloadfile&id={$result[obj].project}&file={$result[obj].ID}" {if $result[obj].imgfile == 1} rel="lytebox[]" {elseif $result[obj].imgfile == 2} rel="lyteframe[text]" rev="width:650px;height:500px;" {/if}>{$result[obj].name|truncate:13:"...":true} {elseif $result[obj].name != ""} <a href="{$result[obj].url}" title="{$result[obj].name}">{$result[obj].name|truncate:13:"...":true}</a> {else} <a href="{$result[obj].url}" title="{$result[obj].title}">{$result[obj].title|truncate:13:"...":true}</a> {/if} </a> </span> </td> <tr/> </table> {if $members[member].avatar != ""} <div class="moreinfo" id="info_{$members[member].ID}" style="display:none"> <img src="thumb.php?pic=files/{$cl_config}/avatar/{$members[member].avatar}&width=82" alt="" onclick="fadeToggle('info_{$members[member].ID}');" /> <span class="name"><a href="manageuser.php?action=profile&id={$members[member].ID}">{$members[member].name|truncate:15:"...":true}</a></span> </div> {/if} </div> {* itemwrapper end *} </li> {/section} {* loop folder end *} </ul> </div> {* inwrapper end *} </div> {* content_in_wrapper_in end *} </div> {* content_in_wrapper end *} <div class="staterow"> <div class="staterowin"> {* space for whatever *} </div> </div> <div class="tablemenue"></div> </div> {* block_tags end *} <div class="content-spacer"></div> </div> {*Neutral END*} </div> {*content-left-in END*} </div> {*content-left END*} {include file="sidebar-a.tpl"} {include file="footer.tpl"}

by **Remiguel** » 12.10.2014, 12:26

Thanks Eva for the fix
Updated and works fine

[SOLVED] Permission to open a project with search panel

[SOLVED] Permission to open a project with search panel

Re: Permission to open a project with search panel

Re: Permission to open a project with search panel

Re: [SOLVED] Permission to open a project with search panel

Who is online