diff options
author | jim-p <jimp@netgate.com> | 2018-10-23 14:17:57 -0400 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2018-10-23 14:19:47 -0400 |
commit | 208953010f05a7d691c92441bee2f8fefe9c972e (patch) | |
tree | c9d7b70b401e83651e8178a24984c4d800bf05be /src/etc | |
parent | c95a79d324e8785ae3567a84871dce0ebd1290ea (diff) | |
download | pfsense-208953010f05a7d691c92441bee2f8fefe9c972e.zip pfsense-208953010f05a7d691c92441bee2f8fefe9c972e.tar.gz |
Fix processing of the 'all' group. Fixes #9051
All the 'all' group to the list of groups at the end, rather than the
start. This way it will be considered no matter how users login. This
also fixes issues some users had with the original changes.
(cherry picked from commit 4de15854384e28004b0dc571dc8a40fda7eae694)
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/auth.inc | 18 | ||||
-rw-r--r-- | src/etc/inc/priv.inc | 8 |
2 files changed, 18 insertions, 8 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index ad22849..78b9d69 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -331,7 +331,7 @@ function get_user_privileges(& $user) { global $config, $_SESSION; $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - $allowed_groups = array('all'); + $allowed_groups = array(); $privs = $user['priv']; if (!is_array($privs)) { @@ -369,12 +369,16 @@ function get_user_privileges(& $user) { $allowed_groups = local_user_get_groups($user, true); } - if (is_array($allowed_groups)) { - foreach ($allowed_groups as $name) { - $group = getGroupEntry($name); - if (is_array($group['priv'])) { - $privs = array_merge($privs, $group['priv']); - } + if (!is_array($allowed_groups)) { + $allowed_groups = array('all'); + } else { + $allowed_groups[] = 'all'; + } + + foreach ($allowed_groups as $name) { + $group = getGroupEntry($name); + if (is_array($group['priv'])) { + $privs = array_merge($privs, $group['priv']); } } diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index a06217c..730b672 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -239,7 +239,7 @@ function getAllowedPages($username, &$attributes = array()) { } $allowed_pages = array(); - $allowed_groups = array('all'); + $allowed_groups = array(); phpsession_begin(); if ($_SESSION['remoteauth']) { @@ -283,6 +283,12 @@ function getAllowedPages($username, &$attributes = array()) { } } + if (!is_array($allowed_groups)) { + $allowed_groups = array('all'); + } else { + $allowed_groups[] = 'all'; + } + // build a list of allowed pages if (is_array($config['system']['group']) && is_array($allowed_groups)) { foreach ($config['system']['group'] as $group) { |