| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 16958 | Bug reports | User / Groups / Roles | public | 2021-01-08 09:58 | 2021-07-12 11:53 |
| Reporter | DenisChenu | Assigned To | gabrieljenik | ||
| Priority | high | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 4.3.33 | ||||
| Summary | 16958: User with roles can not have more rights … | ||||
| Description | If you set an user with a roles : this user can not have more right | ||||
| Steps To Reproduce | Create an user | ||||
| Additional Information | https://github.com/LimeSurvey/LimeSurvey/blob/68ce18e22194171e1c56c27f36ad7ce5b34adc8a/application/models/Permission.php#L504 issue : return false And more : test is stupid ! totally stupid : why check ALL roles permission if you need only one … permission : just check if this role have this permission … | ||||
| Tags | No tags attached. | ||||
| Bug heat | 6 | ||||
| Complete LimeSurvey version number (& build) | 4.3.32 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | not relevant | ||||
| Database type & version | not relevant | ||||
| Server OS (if known) | not relevant | ||||
| Webserver software & version (if known) | not relevant | ||||
| PHP Version | not relevant | ||||
 |
Lol : remove login permission … This feature are really tested ? This feature must be moved to a core plugin or extension … |
|
|
Maybe usage is (for example) Create a role "User log in" And give multiple role to a user ? I don't know … |
 |
To be honest. I don't understand the issue. Can you explain in French maybe? Or use https://www.deepl.com/translator ? |
|
|
Screencast https://bugs.limesurvey.org/view.php?id=16958#c61459 show an issue If dummyuser have a role with only "create survey" : he can not login , even if he has login right on User right. If usere have one role and this role doens't allow "Login via DB" : user can not login via DB. I make some screenshit to explain step by step. |
|
|
It's the desired behaviour ? Maybe but then
UserRole-issue-05.png (8,215 bytes) UserRole-issue-06.png (85,036 bytes) UserRole-issue-00.png (71,963 bytes) UserRole-issue-01.png (91,534 bytes) UserRole-issue-02.png (13,292 bytes) UserRole-issue-03.png (86,891 bytes) UserRole-issue-04.png (86,995 bytes) |
 |
So right now, permissions can't be added to a user with roles. |
|
|
ok, so we have to different systems here: RBAC (Role-based access) and UBAC (user-based access) Both systems basically exclude each other. So, if a role is assigned then the application should confirm: "Do you want to remove all user permission and assign the role instead?" If you edit the permission on a user with a role it should discard the role with a similar message: "Do you want to remove the role(s) and assign individual user permissions?" If you add several roles to the same user the permissions are/should be cumulative. The interface needs to reflect that. |
|
|
yes :) |
|
|
In the assignment of roles there was already a message, which always appears: roles.png Added a warning message to the assignment of permissions, which appears only if the user has some role assigned: permissions.png Also modified the controller so that it effectively cleans up the roles when you assign individual permissions. |
|
|
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=31550 |
|
|
Release done. |
