Project

General

Profile

Actions

Bug #647

closed

Do not let non-admin users create a new Group

Added by Scott Stagg over 14 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Amber Herold
Category:
Web interface
Target version:
Start date:
06/10/2010
Due date:
% Done:

100%

Estimated time:
Affected Version:
Appion/Leginon 2.0.1
Show in known bugs:
No
Workaround:

Description

I installed the stable release of myamiweb yesterday (6/10/10). When I try to create a new group, I don't have an option for assigning privileges to the new group. To set them, I had to edit manually in the db.


Files

groups.png (97.8 KB) groups.png Amber Herold, 06/10/2010 09:42 AM
Actions #1

Updated by Amber Herold over 14 years ago

Can anyone reproduce this? It works correctly on fly. Perhaps has something to do with the DB upgrade. Scott, when you say you don't have an option for setting the privilege, do you mean that the privilege drop box is not there?

Actions #2

Updated by Scott Stagg over 14 years ago

Whoops. This was user error on my part. I was logged in as someone who could "View all but administrate owned". When I login as someone with "At all administration level", a pull down appears that allows me to change permissions. What is weird to me is that someone who is not an administrator can create a group. This seems like an error to me.

Actions #3

Updated by Eric Hou over 14 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Hou

Hey Scott!
I noticed you don't have a group call 'users' in your database. If you turn on the login system for myamiweb, this 'users' group is the default group for new user to sign up for an account.
Please create a new group call 'users' (the name matter) and assign the privilege to "Administrate/view only owned project and view shared experiment".

Thanks.

Eric

Actions #4

Updated by Eric Hou over 14 years ago

  • Target version set to Appion/Leginon 2.0.0
Actions #5

Updated by Scott Stagg over 14 years ago

Hi Eric,
I do have Users in my db after upgrading to "login" mode. I think the problem is what I say above.

someone who is not an administrator can create a group. This seems like an error to me

Actions #6

Updated by Amber Herold over 14 years ago

  • Subject changed from Can't assign privileges in new group to Do not let non-admin users create a new Group
  • Category set to Web interface
  • Target version changed from Appion/Leginon 2.0.0 to Appion/Leginon 2.1.0

Scott, very good point about creating a group as a non-admin. I'll leave this as a bug to be fixed for 2.1.

Actions #7

Updated by Anchi Cheng over 14 years ago

  • Status changed from Assigned to In Code Review

Fixed the power user group creation bug in r14339 in trunk.

Actions #8

Updated by Anchi Cheng over 14 years ago

  • % Done changed from 0 to 100

Eric,

Doesn't config.php have default user assignment?

// --- defaut user group -- //
define('GP_USER', 'users');

Upgrades don't get the four default group in case of duplicates.  All groups other than the one administrator is in are set with equivalent of user privileges but no rename.
Actions #9

Updated by Eric Hou over 14 years ago

No.
The "users" group is only need to use if system allowing login function.
So if people doing upgrade but not able the login function, they don't need 'users' group.
But if people doing upgrade but able the login function, they need 'users' group. Otherwise they need to manually go to config file to set the default group.

// --- defaut user group -- //
define('GP_USER', 'users');

Thanks.

Actions #10

Updated by Anchi Cheng over 14 years ago

added more of the same type of restricted functions for different groups in trunk r14344

Actions #11

Updated by Eric Hou over 14 years ago

  • Status changed from In Code Review to In Test
  • Assignee changed from Eric Hou to Amber Herold
  • Affected Version set to Appion/Leginon 2.0.1
  • Show in known bugs set to No

code are ok.

Actions #12

Updated by Amber Herold over 14 years ago

  • Assignee changed from Amber Herold to Anchi Cheng

Anchi, how should I test this? Do a new installation and look for what?

Actions #13

Updated by Anchi Cheng over 14 years ago

  • Assignee changed from Anchi Cheng to Amber Herold

Testing:
1. login as a user in poweruser group (view all but edit own privilege).
2. go to addgroup.php
you should get denied access.
3. go to admin.php
you should not see icon linked to addgroup.php
4. go to user.php
you should see users but not being able to edit them.

Actions #14

Updated by Amber Herold over 14 years ago

  • Status changed from In Test to Closed
Actions

Also available in: Atom PDF