View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
16958 | Bug reports | User / Groups / Roles | public | 2021-01-08 09:58 | 2021-04-11 10:33 |
Reporter | DenisChenu | Assigned To | gabrieljenik | ||
Priority | high | Severity | minor | ||
Status | resolved | Resolution | fixed | ||
Product Version | 4.3.33 | ||||
Summary | 16958: User with roles can not have more rights … | ||||
Description | If you set an user with a roles : this user can not have more right | ||||
Steps To Reproduce | Create an user Create a role : set Label sets to ON (for example) Try to give more right to user : sghow OK Edit Permission : permission is not set | ||||
Additional Information | https://github.com/LimeSurvey/LimeSurvey/blob/68ce18e22194171e1c56c27f36ad7ce5b34adc8a/application/models/Permission.php#L504 issue : return false And more : test is **stupid** ! totally stupid : why check ALL roles permission if you need only one … permission : just check if this role have this permission … | ||||
Tags | No tags attached. | ||||
Complete LimeSurvey version number (& build) | 4.3.32 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | not relevant | ||||
Database & DB-Version | not relevant | ||||
Server OS (if known) | not relevant | ||||
Webserver software & version (if known) | not relevant | ||||
PHP Version | not relevant | ||||
|
|
Lol : remove login permission … This feature are really tested ? This feature **must be moved** to a core plugin or extension … |
|
See : https://forums.limesurvey.org/forum/installation-a-update-issues/123615-user-can-see-own-survey-but-can-t-access-it#211811 Maybe usage is (for example) Create a role "User log in" Create a role "user survey update" Create a role "Use survey read" And give multiple role to a user ? I don't know … |
|
To be honest. I don't understand the issue. Can you explain in French maybe? Or use https://www.deepl.com/translator ? | |
Screencast https://bugs.limesurvey.org/view.php?id=16958#c61459 show an issue If dummyuser have a role with only "create survey" : he can not login , even if he has login right on User right. User cannot have more right than roles. If usere have one role and this role doens't allow "Login via DB" : user can not login via DB. I make some screenshit to explain step by step. Maybe it's the desired behaviour but must be documented and explain clearly. |
|
1. Create a role without any right (Test roles) : UserRole-issue-00 2. Create an user and give some right : UserRole-issue-01 3. Assign previous role to this user Test roles : UserRole-issue-02 4. Check user right : UserRole-issue-03 5. Give some user right : UserRole-issue-04 6. Save : see the OK : UserRole-issue-05 7. Check user right : no right : UserRole-issue-06 It's the desired behaviour ? Maybe but then 1. must be documented : https://manual.limesurvey.org/Manage_roles it's "The roles that a user is assigned to provides the permissions they need for their role. " provice don't mean remove 2. Must be show clearly in GUI : show a sentence in user right and disable all checkbox for example. |
|
So right now, permissions can't be added to a user with roles. Maybe by design. Myabe a bug? Initially will show a message stating that is not possible. Then review what is the desired behaviour. Should it be allowed to add permissions individually besides than having a role? |
|
ok, so we have to different systems here: RBAC (Role-based access) and UBAC (user-based access) Both systems basically exclude each other. So, if a role is assigned then the application should confirm: "Do you want to remove all user permission and assign the role instead?" If you edit the permission on a user with a role it should discard the role with a similar message: "Do you want to remove the role(s) and assign individual user permissions?" If you add several roles to the same user the permissions are/should be cumulative. The interface needs to reflect that. |
|
> The interface needs to reflect that. yes :) |
|
In the assignment of roles there was already a message, which always appears: roles.png Added a warning message to the assignment of permissions, which appears only if the user has some role assigned: permissions.png I placed it close to the save button. Also modified the controller so that it effectively cleans up the roles when you assign individual permissions. PR: https://github.com/LimeSurvey/LimeSurvey/pull/1835 |
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31550 | |
LimeSurvey: master 83668ed3 2021-04-07 10:28:41 Committer: GitHub Details Diff |
Fixed issue 16958: User with roles can not have more rights (#1835) Added a warning message to the assignment of permissions. Modified the controller so that it effectively cleans up the roles when you assign individual permissions. |
Affected Issues 16958 |
|
mod - application/controllers/UserManagementController.php | Diff File | ||
mod - application/views/userManagement/partial/editpermissions.php | Diff File |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-01-08 09:58 | DenisChenu | New Issue | |
2021-01-08 09:58 | DenisChenu | File Added: Capture d’écran du 2021-01-08 09-44-37.png | |
2021-01-08 09:58 | DenisChenu | File Added: Peek 08-01-2021 09-48.gif | |
2021-01-08 10:02 | DenisChenu | Note Added: 61459 | |
2021-01-08 10:02 | DenisChenu | File Added: Peek 08-01-2021 10-01.gif | |
2021-01-12 20:07 | DenisChenu | Summary | User with roles can npot have more rights … => User with roles can not have more rights … |
2021-02-07 20:40 | cdorin | Priority | none => high |
2021-02-07 20:40 | cdorin | Status | new => confirmed |
2021-02-10 15:45 | DenisChenu | Note Added: 62113 | |
2021-03-16 07:57 | c_schmitz | Note Added: 63386 | |
2021-03-16 08:28 | DenisChenu | Note Added: 63387 | |
2021-03-16 08:38 | DenisChenu | Note Added: 63388 | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-01.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-02.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-03.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-04.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-05.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-06.png | |
2021-03-16 08:38 | DenisChenu | File Added: UserRole-issue-00.png | |
2021-03-25 13:14 | gabrieljenik | Note Added: 63599 | |
2021-03-25 18:30 | c_schmitz | Note Added: 63630 | |
2021-03-25 18:31 | c_schmitz | Note Edited: 63630 | View Revisions |
2021-03-25 18:53 | DenisChenu | Note Added: 63631 | |
2021-04-01 15:56 | gabrieljenik | Note Added: 63780 | |
2021-04-07 10:28 | gabrieljenik | Changeset attached | => LimeSurvey master 83668ed3 |
2021-04-07 10:28 | gabrieljenik | Note Added: 63852 | |
2021-04-07 10:28 | gabrieljenik | Assigned To | => gabrieljenik |
2021-04-07 10:28 | gabrieljenik | Resolution | open => fixed |
2021-04-11 10:33 | c_schmitz | Status | confirmed => resolved |