Bug Transaction Log bug affecting users without permissions

Status
Not open for further replies.
S

Sbenny

Customer
I set registered users permissions in order to NOT be able to view everyone's transaction logs.

Now if, as registered user, you open the transation logs from the forum menu, you indeed see only your transactions, and it's working as intended but if you use the Filter and add any usernames, such as the admin's username or any members, you're still able to see their transactions.

So, in order to reproduce the issue, simply have a test account with default permissions and you'll see he'll have the same ability admins have to check every users' transactions.
 
Sorry for the delay. I've looked into this, because I'm further ahead in development of v6.1 I can't test this myself, so can you try making the following change:

/src/addons/DBTech/Credits/Action/Main.php approx. line 45, change
PHP: 
if (DBTech::visitor('userid') != $filters['userid'])
to
PHP: 
if (DBTech::visitor('userid') != $filters['userid'] && DBTech::app()->usergroupPermission('dbtech_credits', 'viewlog', $self['permissions'], $self))
And let me know if this works in both cases (with & without permissions)?

Thanks!
 
I confirm it's working fine, as Admin I can still check other users' logs, while the user without permissions can only see his own ones. Odd thing though, if this user A filters the transactions specifying another username (user B), rather than having an empty result, he can still have a list of transactions from himself (user A). Not such a problem tho, just wanted to let you know since it should instead return an empty array.

Thanks again for the hotfix, worked like a charm! :)
 
Yeah I expected that would happen, the real fix would of course be that plus adding the permissions check to the template, but given the fact that it would be a significant undertaking for me to setup a separate XF2 installation for the v5.0 branch, this will do for now :)

Thanks for testing!
 
Hello @Sbenny,

We hope your ticket regarding DragonByte Credits has been addressed to your satisfaction. This ticket has now been closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.
 
Status
Not open for further replies.

Similar threads

S
  • Locked
  • Support ticket Support ticket
Bug Individual permissions not honored for Download Invoice
Replies
3
Views
119
DragonByte Technologies
DragonByte Technologies
P
  • Locked
  • Support ticket Support ticket
Bug cannot view users location on map
Replies
5
Views
339
DragonByte Technologies
DragonByte Technologies
D
  • Locked
  • Support ticket Support ticket
Urgent Technical Issue with DragonByte Credits Addon
Replies
4
Views
700
DragonByte Technologies
DragonByte Technologies
Aphelion
  • Locked
  • Support ticket Support ticket
Question In forum Transaction Log question
Replies
12
Views
2K
DragonByte Technologies
DragonByte Technologies
A
  • Support ticket Support ticket
Bug problem unregistered user cannot publish
Replies
3
Views
425
DragonByte Technologies
DragonByte Technologies

DragonByte Credits

XenForo 1.5.3+ XenForo 2.0.x XenForo 2.1.x XenForo 2.2.x XenForo 2.3.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
5,170
Customer rating
4.67 star(s) 6 ratings
Back
Top