Project

General

Profile

Bug #7759

user who is manager of a role cannot add any user to it

Added by Frédéric Péters about 4 years ago. Updated over 1 year ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
Start date:
03 Jul 2015
Due date:
% Done:

100%

Patch proposed:
No
Planning:
No

Description

The user doesn't have any other permission in authentic, the "add user" line is correctly displayed on the role page but the select2 dropdown doesn't work (it gets a "Forbidden" error code).

0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch View (4.38 KB) Benjamin Dauvergne, 03 Jul 2015 05:49 PM

Associated revisions

Revision e7ceeecf (diff)
Added by Benjamin Dauvergne about 4 years ago

a2_rbac: allow specifying extra permissions when building an admin role (#7759)

Revision ff6ca458 (diff)
Added by Benjamin Dauvergne about 4 years ago

a2_rbac: give view user permissions to role administrators (fixes #7759)

The permission is scoped if the role is scoped.

History

#1 Updated by Benjamin Dauvergne about 4 years ago

If the user does not have also custom_user.view_user permissions on at least one organizational unit, he will see no user to add. I can completely remove the check, but our user database will be public in this case. Maybe I could make view_role imply view_user.

#2 Updated by Benjamin Dauvergne about 4 years ago

Another solution, add the custom_user.view_user permissions to all role administration roles, with global scope or only the scope of the entity the role belong to.

#3 Updated by Frédéric Péters about 4 years ago

So after the user is created I have to move it from "no entity" to "entity by default", and it would work?

#4 Updated by Benjamin Dauvergne about 4 years ago

This patch gives user view permission to all role administration roles.

#5 Updated by Benjamin Dauvergne about 4 years ago

Frédéric Péters a écrit :

So after the user is created I have to move it from "no entity" to "entity by default", and it would work?

Not at all, it's not related to entities, it's just that I can give a restrictive or large view of users so the Clapiers administrator of role "État-civil" would see all users (even those of Vendargues) or only users of Clapiers. I choose for now to give him a view of all users.

#6 Updated by Benjamin Dauvergne about 4 years ago

  • Target version set to 2.2.0

#7 Updated by Benjamin Dauvergne about 4 years ago

  • Status changed from Nouveau to Résolu (à déployer)
  • % Done changed from 0 to 100

#8 Updated by Benjamin Dauvergne over 3 years ago

  • Status changed from Résolu (à déployer) to Solution déployée

#9 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution déployée to Fermé

Also available in: Atom PDF