 |
Capture d’écran du 2021-01-08 09-44-37.png (27,911 bytes) |
|
|
Lol : remove login permission … This feature are really tested ? This feature **must be moved** to a core plugin or extension … |
|
|
See : https://forums.limesurvey.org/forum/installation-a-update-issues/123615-user-can-see-own-survey-but-can-t-access-it#211811 Maybe usage is (for example) Create a role "User log in" Create a role "user survey update" Create a role "Use survey read" And give multiple role to a user ? I don't know … |
 |
To be honest. I don't understand the issue. Can you explain in French maybe? Or use https://www.deepl.com/translator ? |
|
|
Screencast https://bugs.limesurvey.org/view.php?id=16958#c61459 show an issue If dummyuser have a role with only "create survey" : he can not login , even if he has login right on User right. User cannot have more right than roles. If usere have one role and this role doens't allow "Login via DB" : user can not login via DB. I make some screenshit to explain step by step. Maybe it's the desired behaviour but must be documented and explain clearly. |
|
|
1. Create a role without any right (Test roles) : UserRole-issue-00 2. Create an user and give some right : UserRole-issue-01 3. Assign previous role to this user Test roles : UserRole-issue-02 4. Check user right : UserRole-issue-03 5. Give some user right : UserRole-issue-04 6. Save : see the OK : UserRole-issue-05 7. Check user right : no right : UserRole-issue-06 It's the desired behaviour ? Maybe but then 1. must be documented : https://manual.limesurvey.org/Manage_roles it's "The roles that a user is assigned to provides the permissions they need for their role. " provice don't mean remove 2. Must be show clearly in GUI : show a sentence in user right and disable all checkbox for example. UserRole-issue-05.png (8,215 bytes) UserRole-issue-06.png (85,036 bytes) UserRole-issue-00.png (71,963 bytes) UserRole-issue-01.png (91,534 bytes) UserRole-issue-02.png (13,292 bytes) UserRole-issue-03.png (86,891 bytes) UserRole-issue-04.png (86,995 bytes) |
 |
So right now, permissions can't be added to a user with roles. Maybe by design. Myabe a bug? Initially will show a message stating that is not possible. Then review what is the desired behaviour. Should it be allowed to add permissions individually besides than having a role? |
|
|
ok, so we have to different systems here: RBAC (Role-based access) and UBAC (user-based access) Both systems basically exclude each other. So, if a role is assigned then the application should confirm: "Do you want to remove all user permission and assign the role instead?" If you edit the permission on a user with a role it should discard the role with a similar message: "Do you want to remove the role(s) and assign individual user permissions?" If you add several roles to the same user the permissions are/should be cumulative. The interface needs to reflect that. |
|
|
> The interface needs to reflect that. yes :) |
|
|
In the assignment of roles there was already a message, which always appears: roles.png Added a warning message to the assignment of permissions, which appears only if the user has some role assigned: permissions.png I placed it close to the save button. Also modified the controller so that it effectively cleans up the roles when you assign individual permissions. PR: https://github.com/LimeSurvey/LimeSurvey/pull/1835 |
|
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31550 |
- Anonymous
