Update permissions

DarkShared

Hi,

I've been looking class.updatemodel.php and I haven't found anything about permissions; I wasn't sure aobut it because I am quite new to vanilla and php so I gave it a try.

I created an user (normal user, not admin) on mi forum, logged with new account and tried "/index.php?p=/utility/update". It was a success.

Shouldn't be this option allow only to admin?

PD: sorry for my english

vrijvlinder

That is an excellent question !! Thanks for asking. I would think that running utility update or utility structure would only be allowed for admin.

But it does not give user access to anything if they run it. And they would need to be in the dashboard to be able to run utility structure for the data base in case it needed to be fixed.

Anyone can run utility update on any forum, I just ran it here... Not sure what could be detrimental if people start running it on other people's forums...

peregrine

The whole reason for update and structure is when your database is not up to date. which could mean any and all tables are not structured properly or up to date. This could include roles and permission tables as well.

vrijvlinder said: And they would need to be in the dashboard to be able to run utility structure for the data base in case it needed to be fixed.

e.g. On one of my clone updates, I couldn't log in as admin, until I ran utility structure or utility update. and it has nothing to do with whether you are currently viewing dashboard or not, as far as I know, but I am open to being corrected.

vrijvlinder

No I failed to explain that,I meant to click the buttons in the dashboard when there is something to fix assuming you are already in the dashboard to click the repair db button that appears when you run utility structure if repair is needed

hgtonight

/utility/structure requires the 'Garden.Settings.Manage' permission.

/utility/update only requires the 'Garden.Settings.Manage' permission if the flood control gets triggered. This might not be intentional.