[support] How to bypass permissions for node_save() ?
Lluís Forns
enboig at gmail.com
Thu Mar 24 10:05:39 UTC 2011
reading http://drupal.org/node/218104 i think my function lacks
session_save_session(); to ensure session is saved before entering
"god mode"
function wu_sudo() {
global $user;
if (!array_key_exists('wu_sudo', $_SESSION)) {
$_SESSION['wu_sudo'] = array();
}
array_push($_SESSION['wu_sudo'], $user);
session_save_session();
$user = user_load(1);
}
2011/3/24 Lluís Forns <enboig at gmail.com>:
> I had problems doing a similar thing if a WSOD appear when uid=1; so I
> endend with this funcions:
>
> //ensures a user return to its state
> function wu_boot() {
> global $user;
> if (array_key_exists('wu_sudo', $_SESSION)){
> watchdog('wu_debug', 'S\ha penjat un sudo!!!!');
> $user = array_shift($_SESSION['wu_sudo']);
> unset($_SESSION['wu_sudo']);
> }
> }
>
> //give user superpowers
> function wu_sudo() {
> global $user;
> if (!array_key_exists('wu_sudo', $_SESSION)) {
> $_SESSION['wu_sudo'] = array();
> }
> array_push($_SESSION['wu_sudo'], $user);
> $user = user_load(1);
> }
>
> //return user to its original state
> function wu_unsudo() {
> global $user;
> if (array_key_exists('wu_sudo', $_SESSION)) {
> if (!empty($_SESSION['wu_sudo'])) {
> $user = array_pop($_SESSION['wu_sudo']);
> }
> if (empty($_SESSION['wu_sudo'])) {
> unset($_SESSION['wu_sudo']);
> }
> }
> }
>
>
>
> 2011/3/23 Metzler, David <metzlerd at evergreen.edu>:
>> Take a look at:
>>
>> http://drupal.org/node/218104
>>
>> which describes how to safely impersonate another user.
>>
>>
>>
>>
>> -----Original Message-----
>> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
>> Behalf Of Ted
>> Sent: Wednesday, March 23, 2011 12:28 PM
>> To: Xavier Bestel
>> Cc: support at drupal.org
>> Subject: Re: [support] How to bypass permissions for node_save() ?
>>
>> On 3/23/2011 12:18 PM, Xavier Bestel wrote:
>>>>> How can I bypass the permissions system to make node_save() work ?
>>>>> I'm using Drupal 6.
>>>> user_access caches perms, otherwise you would be able to temporarily
>> add
>>>> a role with 'administer nodes'. Instead, you'll need to swap out the
>>>> global $user for uid 1 temporarily (and rename your local $user var).
>>>> After you're done with the node_save, remember to swap the old $user
>> back.
>>> Great !
>>>
>>> Would something like that work (I'm not a true drupalist;) ?
>>>
>>> global $user;
>>> $usersave = $user;
>>> $user = user_load(1);
>>>
>>> ... do stuff with node_save() ...
>>>
>>> $user = $usersave;
>> At first glance that looks okay. Give it a shot!
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
> --
> *Les normes hi són perquè hi pensis abans de saltar-te-les
> *La vida és com una taronja, què esperes a exprimir-la?
> *Si creus que l'educació és cara, prova la ignorància.
> *La vida és com una moneda, la pots gastar en el que vulguis però
> només una vegada.
> *Abans d'imprimir aquest missatge, pensa en el medi ambient.
>
--
*Les normes hi són perquè hi pensis abans de saltar-te-les
*La vida és com una taronja, què esperes a exprimir-la?
*Si creus que l'educació és cara, prova la ignorància.
*La vida és com una moneda, la pots gastar en el que vulguis però
només una vegada.
*Abans d'imprimir aquest missatge, pensa en el medi ambient.
More information about the support
mailing list