1 Topic by skirmantas

  • skirmantas
  • Member
  • Offline

Topic: user permitions problem

Hello,

I have got the same problem restricting user rights as pgolik (post ID_user problem and a feature request).
Briefly:

config.php has

$enable_authentication = 1;
$enable_delete_authorization = 1;
$enable_update_authorization = 1;
$enable_browse_authorization = 0;

but still any user can delete or change other user entries.

This security feature I find very important as from time to time some mad people appear in labs, and deleting the entries which accumulated during several years could be devastating.

Have you got any solutions?

Thank you for help,
Skirmantas K.

2 Reply by patnaik

  • patnaik
  • Administrator
  • Offline

Re: user permitions problem

This issue is fixed in the latest LabStoRe release (1.5.2).

You can download the new version and replace in your installation the few files (indicated in readme.txt)  that have been changed in the new release (or you can replace all files except config.php and interface_creator/uploads). The second part of fixing the issue involves editing the MyQL tables (see readme.txt).

This problem arose because ID_user field for records in the various tables was getting filled not with usernames but with user ID numbers.

3 Reply by skirmantas

  • skirmantas
  • Member
  • Offline

Re: user permitions problem

Dear patnaik,

Thank you for such a fast replay. Now it all works smoothly!

Best wishes,
Skirmantas K.