Bug #7759: user who is manager of a role cannot add any user to it - Authentic 2 - Redmine Entr’ouvert

Bug #7759

user who is manager of a role cannot add any user to it

Ajouté par Frédéric Péters il y a presque 9 ans. Mis à jour il y a plus de 6 ans.

Statut:

Fermé

Priorité:

Normal

Assigné à:

Benjamin Dauvergne

Catégorie:

Version cible:

2.2.0

Début:

03 juillet 2015

Echéance:

% réalisé:

100%

Temps estimé:

Patch proposed:

Non

Planning:

Description

The user doesn't have any other permission in authentic, the "add user" line is correctly displayed on the role page but the select2 dropdown doesn't work (it gets a "Forbidden" error code).

Fichiers

0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch (4,38 ko) 0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch

Benjamin Dauvergne, 03 juillet 2015 17:49

Révisions associées

Révision e7ceeecf (diff)
Ajouté par Benjamin Dauvergne il y a presque 9 ans

a2_rbac: allow specifying extra permissions when building an admin role (#7759)

Révision ff6ca458 (diff)
Ajouté par Benjamin Dauvergne il y a presque 9 ans

a2_rbac: give view user permissions to role administrators (fixes #7759)

The permission is scoped if the role is scoped.

Historique

Mis à jour par Benjamin Dauvergne il y a presque 9 ans

If the user does not have also custom_user.view_user permissions on at least one organizational unit, he will see no user to add. I can completely remove the check, but our user database will be public in this case. Maybe I could make view_role imply view_user.

Mis à jour par Benjamin Dauvergne il y a presque 9 ans

Another solution, add the custom_user.view_user permissions to all role administration roles, with global scope or only the scope of the entity the role belong to.

Mis à jour par Frédéric Péters il y a presque 9 ans

So after the user is created I have to move it from "no entity" to "entity by default", and it would work?

Mis à jour par Benjamin Dauvergne il y a presque 9 ans

Fichier 0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch 0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch ajouté

This patch gives user view permission to all role administration roles.

Mis à jour par Benjamin Dauvergne il y a presque 9 ans

Frédéric Péters a écrit :

So after the user is created I have to move it from "no entity" to "entity by default", and it would work?

Not at all, it's not related to entities, it's just that I can give a restrictive or large view of users so the Clapiers administrator of role "État-civil" would see all users (even those of Vendargues) or only users of Clapiers. I choose for now to give him a view of all users.