[support] How to bypass permissions for node_save() ?

Lluís Forns enboig at gmail.com
Thu Mar 24 10:02:36 UTC 2011 

I had problems doing a similar thing if a WSOD appear when uid=1; so I
endend with this funcions:

//ensures a user return to its state
function wu_boot() {
  global $user;
  if (array_key_exists('wu_sudo', $_SESSION)){
    watchdog('wu_debug', 'S\ha penjat un sudo!!!!');
    $user = array_shift($_SESSION['wu_sudo']);
    unset($_SESSION['wu_sudo']);
  }
}

//give user superpowers
function wu_sudo() {
  global $user;
  if (!array_key_exists('wu_sudo', $_SESSION)) {
    $_SESSION['wu_sudo'] = array();
  }
  array_push($_SESSION['wu_sudo'], $user);
  $user = user_load(1);
}

//return user to its original state
function wu_unsudo() {
  global $user;
  if (array_key_exists('wu_sudo', $_SESSION)) {
    if (!empty($_SESSION['wu_sudo'])) {
      $user = array_pop($_SESSION['wu_sudo']);
    }
    if (empty($_SESSION['wu_sudo'])) {
      unset($_SESSION['wu_sudo']);
    }
  }
}



2011/3/23 Metzler, David <metzlerd at evergreen.edu>:
> Take a look at:
>
> http://drupal.org/node/218104
>
> which describes how to safely impersonate another user.
>
>
>
>
> -----Original Message-----
> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
> Behalf Of Ted
> Sent: Wednesday, March 23, 2011 12:28 PM
> To: Xavier Bestel
> Cc: support at drupal.org
> Subject: Re: [support] How to bypass permissions for node_save() ?
>
> On 3/23/2011 12:18 PM, Xavier Bestel wrote:
>>>> How can I bypass the permissions system to make node_save() work ?
>>>> I'm using Drupal 6.
>>> user_access caches perms, otherwise you would be able to temporarily
> add
>>> a role with 'administer nodes'. Instead, you'll need to swap out the
>>> global $user for uid 1 temporarily (and rename your local $user var).
>>> After you're done with the node_save, remember to swap the old $user
> back.
>> Great !
>>
>> Would something like that work (I'm not a true drupalist;) ?
>>
>> global $user;
>> $usersave = $user;
>> $user = user_load(1);
>>
>> ... do stuff with node_save() ...
>>
>> $user = $usersave;
> At first glance that looks okay. Give it a shot!
> --
> [ Drupal support list | http://lists.drupal.org/ ]
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>



-- 
*Les normes hi són perquè hi pensis abans de saltar-te-les
*La vida és com una taronja, què esperes a exprimir-la?
*Si creus que l'educació és cara, prova la ignorància.
*La vida és com una moneda, la pots gastar en el que vulguis però
només una vegada.
*Abans d'imprimir aquest missatge, pensa en el medi ambient.

More information about the support mailing list