[MAGNOLIA-6005] Cloning / Importing user does not change acl_users settings Created: 26/Nov/14  Updated: 19/May/22  Resolved: 19/May/22

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 5.3.5
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Matteo Pelucco Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: acl_users, users
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

All (CE / EE), for instance on DEMO


Attachments: PNG File user-cloning-issue-001.png     PNG File user-cloning-issue-002.png     PNG File user-cloning-issue-003.png     PNG File user-cloning-issue-004.png    
Issue Links:
causality
is causing MAGNOLIA-6167 Superuser role, if edited by superuse... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Release notes required:
Yes
Date of First Response:

 Description   

If you clone a user, for example, peter in matteo, you will keep under matteo permissions (acl_users) write permissions on peter.
This allow matteo to login/logout BUT not to change its own data (password, email..)
You have to manually fix those acls to have that feature to work.

To reproduce:

1) http://demo.magnolia-cms.com (superuser/superuser)
2) Security app
3) Clone "peter": it will create a spare user "peter0"
4) Logout
5) Login with peter0/peter
6) Try to change your profile.
— RED BAR! Error, because you do not have permissions on your user node.

It does not happen if you create a new user from scratch. Just cloning/renaming/import..



 Comments   
Comment by Matteo Pelucco [ 26/Nov/14 ]

To be more clear:
cloning "peter" node in workspace "users" will generate a new node "peter0", in the same workspace.
Under "peter0", you have an exact copy of node "acl_users", pointing to "peter".
This inhibits peter0 to change its own password (email, ...)

Comment by Matteo Pelucco [ 05/May/15 ]

just a note, this is still present on 5.3.8

Comment by Roman Kovařík [ 19/May/22 ]

Hello,

This ticket is now marked as closed due to one of the following reasons:

  • A long period of inactivity
  • Uses an old or Beta version of an application, module, or framework that we no longer support
  • The issue is no longer reproducible or has been fixed in later versions

If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you.

Thank you,
The Magnolia Team

Generated at Mon Feb 12 04:10:25 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.