View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|16958||Bug reports||User / Groups / Roles||public||2021-01-08 09:58||2021-07-12 11:53|
|Summary||16958: User with roles can not have more rights …|
|Description||If you set an user with a roles : this user can not have more right|
|Steps To Reproduce||Create an user|
Create a role : set Label sets to ON (for example)
Try to give more right to user : sghow OK
Edit Permission : permission is not set
|Additional Information||https://github.com/LimeSurvey/LimeSurvey/blob/68ce18e22194171e1c56c27f36ad7ce5b34adc8a/application/models/Permission.php#L504 issue : return false |
And more : test is **stupid** ! totally stupid : why check ALL roles permission if you need only one … permission : just check if this role have this permission …
|Tags||No tags attached.|
|Complete LimeSurvey version number (& build)||4.3.32|
|I will donate to the project if issue is resolved||No|
|Database & DB-Version||not relevant|
|Server OS (if known)||not relevant|
|Webserver software & version (if known)||not relevant|
|PHP Version||not relevant|
Capture d’écran du 2021-01-08 09-44-37.png (27,911 bytes)
Capture d’écran du 2021-01-08 09-44-37.png (27,911 bytes)
Peek 08-01-2021 09-48.gif (1,584,891 bytes)
Lol : remove login permission …
This feature are really tested ?
This feature **must be moved** to a core plugin or extension …
Peek 08-01-2021 10-01.gif (788,209 bytes)
See : https://forums.limesurvey.org/forum/installation-a-update-issues/123615-user-can-see-own-survey-but-can-t-access-it#211811
Maybe usage is (for example)
Create a role "User log in"
Create a role "user survey update"
Create a role "Use survey read"
And give multiple role to a user ?
I don't know …
|To be honest. I don't understand the issue. Can you explain in French maybe? Or use https://www.deepl.com/translator ?|
Screencast https://bugs.limesurvey.org/view.php?id=16958#c61459 show an issue
If dummyuser have a role with only "create survey" : he can not login , even if he has login right on User right.
User cannot have more right than roles.
If usere have one role and this role doens't allow "Login via DB" : user can not login via DB.
I make some screenshit to explain step by step.
Maybe it's the desired behaviour but must be documented and explain clearly.
1. Create a role without any right (Test roles) : UserRole-issue-00
2. Create an user and give some right : UserRole-issue-01
3. Assign previous role to this user Test roles : UserRole-issue-02
4. Check user right : UserRole-issue-03
5. Give some user right : UserRole-issue-04
6. Save : see the OK : UserRole-issue-05
7. Check user right : no right : UserRole-issue-06
It's the desired behaviour ? Maybe but then
1. must be documented : https://manual.limesurvey.org/Manage_roles it's "The roles that a user is assigned to provides the permissions they need for their role. " provice don't mean remove
2. Must be show clearly in GUI : show a sentence in user right and disable all checkbox for example.
So right now, permissions can't be added to a user with roles.
Maybe by design. Myabe a bug?
Initially will show a message stating that is not possible.
Then review what is the desired behaviour.
Should it be allowed to add permissions individually besides than having a role?
ok, so we have to different systems here: RBAC (Role-based access) and UBAC (user-based access)
Both systems basically exclude each other.
So, if a role is assigned then the application should confirm: "Do you want to remove all user permission and assign the role instead?"
If you edit the permission on a user with a role it should discard the role with a similar message: "Do you want to remove the role(s) and assign individual user permissions?"
If you add several roles to the same user the permissions are/should be cumulative.
The interface needs to reflect that.
> The interface needs to reflect that.
In the assignment of roles there was already a message, which always appears: roles.png
Added a warning message to the assignment of permissions, which appears only if the user has some role assigned: permissions.png
I placed it close to the save button.
Also modified the controller so that it effectively cleans up the roles when you assign individual permissions.
|Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31550|
LimeSurvey: master 83668ed3
Committer: GitHub Details Diff
|Fixed issue 16958: User with roles can not have more rights (#1835)
Added a warning message to the assignment of permissions. Modified the controller so that it effectively cleans up the roles when you assign individual permissions.
|mod - application/controllers/UserManagementController.php||Diff File|
|mod - application/views/userManagement/partial/editpermissions.php||Diff File|
|2021-01-08 09:58||DenisChenu||New Issue|
|2021-01-08 09:58||DenisChenu||File Added: Capture d’écran du 2021-01-08 09-44-37.png|
|2021-01-08 09:58||DenisChenu||File Added: Peek 08-01-2021 09-48.gif|
|2021-01-08 10:02||DenisChenu||Note Added: 61459|
|2021-01-08 10:02||DenisChenu||File Added: Peek 08-01-2021 10-01.gif|
|2021-01-12 20:07||DenisChenu||Summary||User with roles can npot have more rights … => User with roles can not have more rights …|
|2021-02-07 20:40||cdorin||Priority||none => high|
|2021-02-07 20:40||cdorin||Status||new => confirmed|
|2021-02-10 15:45||DenisChenu||Note Added: 62113|
|2021-03-16 07:57||c_schmitz||Note Added: 63386|
|2021-03-16 08:28||DenisChenu||Note Added: 63387|
|2021-03-16 08:38||DenisChenu||Note Added: 63388|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-01.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-02.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-03.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-04.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-05.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-06.png|
|2021-03-16 08:38||DenisChenu||File Added: UserRole-issue-00.png|
|2021-03-25 13:14||gabrieljenik||Note Added: 63599|
|2021-03-25 18:30||c_schmitz||Note Added: 63630|
|2021-03-25 18:31||c_schmitz||Note Edited: 63630||View Revisions|
|2021-03-25 18:53||DenisChenu||Note Added: 63631|
|2021-04-01 15:56||gabrieljenik||Note Added: 63780|
|2021-04-07 10:28||gabrieljenik||Changeset attached||=> LimeSurvey master 83668ed3|
|2021-04-07 10:28||gabrieljenik||Note Added: 63852|
|2021-04-07 10:28||gabrieljenik||Assigned To||=> gabrieljenik|
|2021-04-07 10:28||gabrieljenik||Resolution||open => fixed|
|2021-04-11 10:33||c_schmitz||Status||confirmed => resolved|
|2021-07-12 11:53||c_schmitz||Note Added: 65325|
|2021-07-12 11:53||c_schmitz||Status||resolved => closed|