- Forums
- Support and Presales
- Professional Members Support
- [#3201] Not Authorized when editing in backend
[#3201] Not Authorized when editing in backend
krileon
Team Member- OFFLINE
- Posts: 68528
- Thanks: 9093
- Karma: 1434
12 years 1 week ago #198041
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: Not Authorized when editing in backend
That's not necessarily a bug. It results in GID being missing so it's always going to cause authorization checks to fail. The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- ndee
- OFFLINE
-
Platinum Member
- Posts: 544
- Thanks: 6
- Karma: 19
12 years 1 week ago #198146
by ndee
###################
SPEED UP HELP, read first: Help us help you
###################
Replied by ndee on topic Re: Not Authorized when editing in backend
What do you mean by GID? As mentioned in the bug report, if params field is missing then there are no "approved" and "confirmed" vars submitted with the form and the security check on line 117 of administrator/components/com_comprofiler/controller/controller.user.php fails.
For me, if I can "configure" a software to break somehow it is a bug and this is the case. If the params field is moved to a tab wich is not published CB does not work anymore in backend. Your opinion may differ.
For me, if I can "configure" a software to break somehow it is a bug and this is the case. If the params field is moved to a tab wich is not published CB does not work anymore in backend. Your opinion may differ.
###################
SPEED UP HELP, read first: Help us help you
###################
Please Log in to join the conversation.
- nant
Team Member- OFFLINE
- Posts: 25531
- Thanks: 1834
- Karma: 877
12 years 1 week ago #198159
by nant
I agree that there is way too much flexibility and users can mess things up by not doing things properly.
As Kyle said:
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Replied by nant on topic Re: Not Authorized when editing in backend
ndee wrote: What do you mean by GID? As mentioned in the bug report, if params field is missing then there are no "approved" and "confirmed" vars submitted with the form and the security check on line 117 of administrator/components/com_comprofiler/controller/controller.user.php fails.
For me, if I can "configure" a software to break somehow it is a bug and this is the case. If the params field is moved to a tab wich is not published CB does not work anymore in backend. Your opinion may differ.
I agree that there is way too much flexibility and users can mess things up by not doing things properly.
As Kyle said:
The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Please Log in to join the conversation.
- ndee
- OFFLINE
-
Platinum Member
- Posts: 544
- Thanks: 6
- Karma: 19
12 years 1 week ago #198164
by ndee
Ok, which option? "Fields Validation"? If set to no, it does not solve the problem. The other options do not seem related? Please be clear which option set to what.
I can just say it a third time. If the params field is on an unpublished tab the security check fails because the $_POST data vars "approved" and "confirmed" are missing.
###################
SPEED UP HELP, read first: Help us help you
###################
Replied by ndee on topic Re: Not Authorized when editing in backend
nant wrote: As Kyle said:
The params field always needs to be available, but it doesn't have to be visible (see CB > Configuration > User Profile).
Ok, which option? "Fields Validation"? If set to no, it does not solve the problem. The other options do not seem related? Please be clear which option set to what.
I can just say it a third time. If the params field is on an unpublished tab the security check fails because the $_POST data vars "approved" and "confirmed" are missing.
###################
SPEED UP HELP, read first: Help us help you
###################
Please Log in to join the conversation.
- krileon
- Team Member
- OFFLINE
- Posts: 68528
- Thanks: 9093
- Karma: 1434
12 years 6 days ago #198186
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: Not Authorized when editing in backend
Set "Allow user to edit his CMS parameters in frontend" to "No" and it won't show those fields anymore on frontend.Ok, which option? "Fields Validation"? If set to no, it does not solve the problem. The other options do not seem related? Please be clear which option set to what.
It's not supposed to be on an unpublished tab. It must always be present. It contains hidden fields that are set by the Params field that are vital to a users storage such as approval, confirmation, and GID(s).I can just say it a third time. If the params field is on an unpublished tab the security check fails because the $_POST data vars "approved" and "confirmed" are missing.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- ndee
- OFFLINE
-
Platinum Member
- Posts: 544
- Thanks: 6
- Karma: 19
12 years 5 days ago - 12 years 5 days ago #198280
by ndee
###################
SPEED UP HELP, read first: Help us help you
###################
Replied by ndee on topic Re: Not Authorized when editing in backend
Ok, now I understand. We are talking about different things. I was talking about the BACKEND. Even Super Administrator can't edit/save users or even his own profile in backend if the params field is on unpublished.
It might help if you just take a look at the mentioned source code. Therefore I suggested that the approved and confirmed params get by default included into backend edit. But maybe there is a better solution.
But I take it as it is. I can't waste more time making my point if you are unwilling to see the problem or even try to reproduce my error. This bug already took too much time and frustration. Take it or leave it.
It might help if you just take a look at the mentioned source code. Therefore I suggested that the approved and confirmed params get by default included into backend edit. But maybe there is a better solution.
But I take it as it is. I can't waste more time making my point if you are unwilling to see the problem or even try to reproduce my error. This bug already took too much time and frustration. Take it or leave it.
###################
SPEED UP HELP, read first: Help us help you
###################
Last edit: 12 years 5 days ago by ndee.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
- Forums
- Support and Presales
- Professional Members Support
- [#3201] Not Authorized when editing in backend
Time to create page: 0.226 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Professional Members Support
- [#3201] Not Authorized when editing in backend