Re: [support] How to bypass permissions for node_save() ?

24 Mar 2011


      reading http://drupal.org/node/218104 i think my function lacks
session_save_session(); to ensure session is saved before entering
"god mode"
function wu_sudo() {
  global $user;
  if (!array_key_exists('wu_sudo', $_SESSION)) {
    $_SESSION['wu_sudo'] = array();
  }
  array_push($_SESSION['wu_sudo'], $user);
  session_save_session();
  $user = user_load(1);
}
2011/3/24 Lluís Forns enboig@gmail.com:
...
I had problems doing a similar thing if a WSOD appear when uid=1; so I
endend with this funcions:
//ensures a user return to its state
function wu_boot() {
 global $user;
 if (array_key_exists('wu_sudo', $_SESSION)){
   watchdog('wu_debug', 'S\ha penjat un sudo!!!!');
   $user = array_shift($_SESSION['wu_sudo']);
   unset($_SESSION['wu_sudo']);
 }
}
//give user superpowers
function wu_sudo() {
 global $user;
 if (!array_key_exists('wu_sudo', $_SESSION)) {
   $_SESSION['wu_sudo'] = array();
 }
 array_push($_SESSION['wu_sudo'], $user);
 $user = user_load(1);
}
//return user to its original state
function wu_unsudo() {
 global $user;
 if (array_key_exists('wu_sudo', $_SESSION)) {
   if (!empty($_SESSION['wu_sudo'])) {
     $user = array_pop($_SESSION['wu_sudo']);
   }
   if (empty($_SESSION['wu_sudo'])) {
     unset($_SESSION['wu_sudo']);
   }
 }
}
2011/3/23 Metzler, David metzlerd@evergreen.edu:
...
Take a look at:
http://drupal.org/node/218104
which describes how to safely impersonate another user.
-----Original Message-----
From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On
Behalf Of Ted
Sent: Wednesday, March 23, 2011 12:28 PM
To: Xavier Bestel
Cc: support@drupal.org
Subject: Re: [support] How to bypass permissions for node_save() ?
On 3/23/2011 12:18 PM, Xavier Bestel wrote:
...
...
...
How can I bypass the permissions system to make node_save() work ?
I'm using Drupal 6.
user_access caches perms, otherwise you would be able to temporarily
add
...
...
a role with 'administer nodes'. Instead, you'll need to swap out the
global $user for uid 1 temporarily (and rename your local $user var).
After you're done with the node_save, remember to swap the old $user
back.
...
Great !
Would something like that work (I'm not a true drupalist;) ?
global $user;
$usersave = $user;
$user = user_load(1);
... do stuff with node_save() ...
$user = $usersave;
At first glance that looks okay. Give it a shot!
[ Drupal support list | http://lists.drupal.org/ ]
[ Drupal support list | http://lists.drupal.org/ ]
--
*Les normes hi són perquè hi pensis abans de saltar-te-les
*La vida és com una taronja, què esperes a exprimir-la?
*Si creus que l'educació és cara, prova la ignorància.
*La vida és com una moneda, la pots gastar en el que vulguis però
només una vegada.
*Abans d'imprimir aquest missatge, pensa en el medi ambient.
-- 
*Les normes hi són perquè hi pensis abans de saltar-te-les
*La vida és com una taronja, què esperes a exprimir-la?
*Si creus que l'educació és cara, prova la ignorància.
*La vida és com una moneda, la pots gastar en el que vulguis però
només una vegada.
*Abans d'imprimir aquest missatge, pensa en el medi ambient.

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [support] How to bypass permissions for node_save() ?

At first glance that looks okay. Give it a shot!

[ Drupal support list | http://lists.drupal.org/ ]