[geeklog-devel] GSoC 2010 is on

Joe Mucchiello joe at ThrowingDice.com
Wed Feb 17 03:27:08 EST 2010


At 12:39 AM 2/17/2010, Vincent Furia wrote:
>Adding user groups to the core is going to make many of the SEC_ 
>functions much more complicated, slowing them down for many sites 
>that won't use the functionality. Also, more complicated code == 
>more potential for bugs.

The following functions in lib-security are unchanged by my proposal:
SEC_groupIsRemoteUserAndHaveAccess, SEC_inGroup, SEC_isModerator, 
SEC_hasTopicAccess, SEC_hasAccess, SEC_hasAccess2, SEC_hasRights, 
SEC_getPermissionsHTML, SEC_getUserPermissions, 
SEC_getPermissionValues, SEC_getPermissionValue, SEC_getFeatureGroup, 
SEC_authenticate, SEC_checkUserStatus, SEC_remoteAuthentication, 
SEC_collectRemoteAuthenticationModules, SEC_setDefaultPermissions, 
SEC_buildAccessSql, SEC_removeFeatureFromDB, SEC_encryptPassword, 
SEC_createToken, SEC_checkToken, SEC_getTokenExpiryTime, 
SEC_getTokenExpiryNotice, SEC_setCookie, SEC_filterPermissions,
SEC_addUserToGroup  <-- Totally unused by anything I'm aware of

The following functions are changed:
SEC_getUserGroups  (to allow filtering out of groups based on their 
being user groups or not, default parameter would be no filter)
SEC_getGroupDropdown (to call above with filter = 'grp_gl_core <> 2')

Every call to those two functions in public_html/admin/*.php also 
probably needs to be modified. The number of calls to the two 
functions in the 1.6.1 tarball is about 40 of which only 10 need the 
filter based on my quick search through the code. This is the bulk of 
the patch that requires someone to spend a little time determining 
whether the filter should be included on the call.

Adding a SEC_createSystemGroup function would be helpful so that 
stuff like admin/plugins.php's autoinstall function, 
admin/lib-install, admin/lib-upgrade (and user plugins) could safely 
create new administrative groups. (The function would also have a 
bool param to indicate whether or not to add ROOT to the group automatically.)

Direct SQL calls targeting gl_groups and gl_group_assignments in 
public_html/admin/groups.php would need to have the user groups filtered out.

The static SQL statements in geeklog/sql could be updated to 
explicitly set the new field on gl_groups to 0. But since the field 
would default to 0 that isn't strictly necessary.

That is essentially the full extent of changes I was proposing for 
the patch. Very little new code is needed. None of the added code 
complicates the core significantly.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 


