
Commit b88f933

nilsteampassnetnilsteampassnet
authored andcommitted
2.1.27
Fix for #2564, #2563, #2560, #2536, #2505, #2503, #2439
1 parent 8bd47d4 commit b88f933


3 files changed

+28
-20
lines changed


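--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,6 @@
 2.1.27
 35/
+#2564 Permissions problem
 #2563 Unable to add item via API
 #2560 Fix an issue for one time password changes if current user is not root
 #2536 low 40bit RC4 - pdf export?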

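--- a/sources/identify.php
+++ b/sources/identify.php
@@ -628,7 +628,7 @@ function identifyUser(
 $ldapconn,
 $SETTINGS['ldap_search_base'],
 $filter,
-array('dn', 'mail', 'givenname', 'sn', 'samaccountname', 'shadowexpire')
+array('dn', 'mail', 'givenname', 'sn', 'samaccountname', 'shadowexpire', 'useraccountcontrol')
 );
 if ($debugLdap == 1) {
 fputs(
@@ -830,6 +830,13 @@ function identifyUser(
 exit();
 }
 
+// Is user disabled?
+$user_info_from_ad = $adldap->user()->info($auth_username, array("useraccountcontrol"));
+if ((($user_info[0]['useraccountcontrol'][0] & 2) == 0) === false) {
+echo '[{"value" : "user_disabled'.$auth_username.'", "text":""}]';
+exit();
+}
+
 // Update user's password
 if ($ldapConnection === true) {
 $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
@@ -930,7 +937,7 @@ function identifyUser(
 //Because we didn't use adLDAP, we need to set the user info from the ldap_get_entries result
 $user_info_from_ad = $result;
 } else {
-$user_info_from_ad = $adldap->user()->info($auth_username, array("mail", "givenname", "sn"));
+$user_info_from_ad = $adldap->user()->info($auth_username, array("mail", "givenname", "sn", "useraccountcontrol"));
 }
 
 DB::insert(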
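Review bot: The disabled-account check added at new lines 834–835 reads `$user_info[0]['useraccountcontrol'][0]`, but the line above stores the adLDAP result in `$user_info_from_ad`; unless `$user_info` is populated outside this hunk, the bit test runs on an undefined value, evaluates to 0, and a disabled directory account is never rejected. The condition should test the variable that was just fetched and can be simplified, e.g. `if (((int) $user_info_from_ad[0]['useraccountcontrol'][0] & 2) !== 0) {`. The response on new line 836 also concatenates `$auth_username` into a hand-built JSON string, so a quote in the username breaks the payload; building the response with `json_encode` avoids that. The third hunk shows a branch where adLDAP is not used, so it is worth confirming that `$adldap` is always set when this check runs; identifyUser's body extends beyond all three hunks.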

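--- a/sources/items.queries.php
+++ b/sources/items.queries.php
@@ -2601,29 +2601,29 @@
 $accessLevel = 2;
 $arrTmp = [];
 foreach (explode(';', $_SESSION['fonction_id']) as $role) {
-$access = DB::queryFirstRow(
-"SELECT type FROM ".prefix_table("roles_values")." WHERE role_id = %i AND folder_id = %i",
-$role,
-$post_id
-);
-if ($access['type'] === "R") {
-array_push($arrTmp, 1);
-} elseif ($access['type'] === "W") {
-array_push($arrTmp, 0);
-} elseif ($access['type'] === "ND") {
-array_push($arrTmp, 2);
-} else {
-// Ensure to give access Right if allowed folder
-if (in_array($post_id, $_SESSION['groupes_visibles']) === true) {
+if (empty($role) === false) {
+$access = DB::queryFirstRow(
+"SELECT type FROM ".prefix_table("roles_values")." WHERE role_id = %i AND folder_id = %i",
+$role,
+$post_id
+);
+if ($access['type'] === "R") {
+array_push($arrTmp, 1);
+} elseif ($access['type'] === "W") {
 array_push($arrTmp, 0);
+} elseif ($access['type'] === "ND") {
+array_push($arrTmp, 2);
 } else {
-array_push($arrTmp, 3);
+// Ensure to give access Right if allowed folder
+if (in_array($post_id, $_SESSION['groupes_visibles']) === true) {
+array_push($arrTmp, 0);
+} else {
+array_push($arrTmp, 3);
+}
 }
 }
 }
-$accessLevel = min($arrTmp);
-$uniqueLoadData['accessLevel'] = $accessLevel;
-
+
 // check if this folder is a PF. If yes check if saltket is set
 if ((!isset($_SESSION['user_settings']['encrypted_psk']) || empty($_SESSION['user_settings']['encrypted_psk'])) && $folderIsPf === true) {
 $showError = "is_pf_but_no_saltkey";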
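Review bot: The last removed lines, `$accessLevel = min($arrTmp);` and `$uniqueLoadData['accessLevel'] = $accessLevel;`, have no counterpart on the new side, so within this hunk `$arrTmp` is filled by the loop but never read and `$accessLevel` keeps its initial value 2 regardless of the role rows. If the reduction was not moved to code outside the hunk, restore it with a guard for the empty list that the new `empty($role)` check makes possible: `$accessLevel = count($arrTmp) > 0 ? min($arrTmp) : $accessLevel;` followed by the `$uniqueLoadData['accessLevel']` assignment. Separately, `DB::queryFirstRow` presumably returns null when no row matches, and `$access['type']` is then read on a non-array; an explicit `$access !== null &&` test before the comparisons would make the fall-through to the `groupes_visibles` branch deliberate. The enclosing block starts and ends outside the hunk.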
