Bug #7890

Clean up security check classes

Added by Jesús García Crespo over 7 years ago. Updated almost 6 years ago.

Status: Verified
Start date: 10/08/2014
Priority: Medium
Due date:
Assignee: Sara Allain
% Done: 0%
Category: Access Control
Estimated time: 2.00 hours
Target version: Release 2.3.0
Google Code Legacy ID:
Tested version:
Sponsored: No
Requires documentation:

Description

Regarding the following two files:
  • SecurityCheck.class.php
  • SecurityPrivileges.class.php
We've found that:
  • It should be "Privileges", not "Priviliges" (thanks MikeG!)
  • Overlaps with QubitAcl?
  • The code style is not as expected
  • The implementation could use a hashmap? e.g. https://gist.github.com/sevein/417917c79764f0b60b60
  • SecurityCheck is only used twice, probably unneeded?

Context: https://code.google.com/p/qubit-toolkit/source/list?path=/trunk/lib/SecurityPriviliges.class.php&start=10288

History

#2 Updated by Jesús García Crespo about 7 years ago

  • Target version changed from Release 2.2.0 to Release 2.3.0

#3 Updated by Jesús García Crespo about 7 years ago

  • Description updated (diff)

#4 Updated by Jesús García Crespo about 7 years ago

  • Subject changed from Cleanup security check classes to Clean up security check classes

#5 Updated by Jesús García Crespo over 6 years ago

  • Assignee deleted (Jesús García Crespo)

#6 Updated by Redmine Admin about 6 years ago

  • Assignee set to Jesús García Crespo

#7 Updated by Jesús García Crespo about 6 years ago

  • Status changed from New to Code Review
  • Assignee changed from Jesús García Crespo to José Raddaoui Marín

#9 Updated by José Raddaoui Marín about 6 years ago

  • Status changed from Code Review to Feedback
  • Assignee changed from José Raddaoui Marín to Jesús García Crespo

Nice clean up!

#10 Updated by Jesús García Crespo about 6 years ago

  • Status changed from Feedback to QA/Review
  • Assignee changed from Jesús García Crespo to Dan Gillean

One way to test this is to go to the page of a RAD (MODS/ISDIAH/ISAD also affected) description and verify that links like "Title and statement of responsibility area", "Edition area", "Class of material specific details area" or "Dates of creation area" are shown as links that point to the edit page only when the user is an "administrator", "editor", "contributor" or "translator" but not otherwise (unauthenticated, other groups, etc.).

If you run "git grep SecurityPrivileges" you'll see a full list of files where this class is used.

#11 Updated by Sara Allain almost 6 years ago

  • Status changed from QA/Review to Verified
  • Assignee changed from Dan Gillean to Sara Allain

Looks good!
