Bug #7759
user who is manager of a role cannot add any user to it
100%
Description
The user doesn't have any other permission in authentic, the "add user" line is correctly displayed on the role page but the select2 dropdown doesn't work (it gets a "Forbidden" error code).
Fichiers
Révisions associées
a2_rbac: give view user permissions to role administrators (fixes #7759)
The permission is scoped if the role is scoped.
Historique
Mis à jour par Benjamin Dauvergne il y a presque 9 ans
If the user does not have also custom_user.view_user
permissions on at least one organizational unit, he will see no user to add. I can completely remove the check, but our user database will be public in this case. Maybe I could make view_role imply view_user.
Mis à jour par Benjamin Dauvergne il y a presque 9 ans
Another solution, add the custom_user.view_user
permissions to all role administration roles, with global scope or only the scope of the entity the role belong to.
Mis à jour par Frédéric Péters il y a presque 9 ans
So after the user is created I have to move it from "no entity" to "entity by default", and it would work?
Mis à jour par Benjamin Dauvergne il y a presque 9 ans
- Fichier 0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch 0001-a2_rbac-give-the-permission-to-view-all-users-to-any.patch ajouté
This patch gives user view permission to all role administration roles.
Mis à jour par Benjamin Dauvergne il y a presque 9 ans
Frédéric Péters a écrit :
So after the user is created I have to move it from "no entity" to "entity by default", and it would work?
Not at all, it's not related to entities, it's just that I can give a restrictive or large view of users so the Clapiers administrator of role "État-civil" would see all users (even those of Vendargues) or only users of Clapiers. I choose for now to give him a view of all users.
Mis à jour par Benjamin Dauvergne il y a presque 9 ans
- Statut changé de Nouveau à Résolu (à déployer)
- % réalisé changé de 0 à 100
Appliqué par commit authentic2|ff6ca45868701e10e4780260d52466d87c8f27b0.
Mis à jour par Benjamin Dauvergne il y a environ 8 ans
- Statut changé de Résolu (à déployer) à Solution déployée
Mis à jour par Benjamin Dauvergne il y a plus de 6 ans
- Statut changé de Solution déployée à Fermé
a2_rbac: allow specifying extra permissions when building an admin role (#7759)