[MAGNOLIA-6357] User with role=superuser can't see the role superuser when logged in Created: 25/Aug/15 Updated: 19/May/22 Resolved: 19/May/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface, security |
| Affects Version/s: | 5.3.10 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Gino Esposto | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 2 |
| Labels: | security, userroles | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Ubuntu 14.04.3 LTS (GNU/Linux 3.16.0-45-generic x86_64) |
||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
When we create a new user on one of our magnolia instances (QUAL and PROD), for example "poweruser", and associate the group "publisher" and the role "superuser" to this new account and then log in with "poweruser", we can only see following roles on "Security => ROLES":
The user "poweruser" can not see the role "superuser", therefor can't create a user with the role "superuser". We are sure this was possible a couple of releases ago. This means we can only create new accounts assiciated with the role "superuser" by logging in as "superuser"... strange. Did something change with the user/role management in magnolia? OR do we have a problem with our magnolia instances? Thank you for your help! Regards, |
| Comments |
| Comment by Jan Haderka [ 25/Aug/15 ] |
|
Just tried to reproduce this on demo and it works fine there. Can you try as well? And if you are able to reproduce the issue provide exact steps on how to do it? Right now it looks more like something related to your setting or modification of rights in the roles rather than something in Magnolia. |
| Comment by Gino Esposto [ 26/Aug/15 ] |
|
Hello Jan Thanks for feedback. I have tried to reproduce on the online demo, and true, the behaviour is different there, and users with superuser role can also see all the roles including superuser. Now i realised that in our setup, when i log in as superuser and edit the ACL of the role superuser, "Userroles" has Read/Write only on "Selected" path /. The online demo shows "Selected and sub nodes" on the Userroles... If i try to change it to "Selected and sub nodes" on our magnolia and click "Save changes", the value is not saved and the Userroles dropdown remains on "Selected". What's the problem here? Could this be the cause of the problem? How could we fix this? Thanks, |
| Comment by Gino Esposto [ 26/Aug/15 ] |
|
I found a work-around for the Problem: |
| Comment by Gino Esposto [ 26/Aug/15 ] |
|
Hmmm, problem also apears on the online demo, i could reproduce it there! What i did: 1. I logged in as superuser in the online demo This is definitely a bug in magnolia and the workaround is like my description above: Click ADD NEW and add another rule "Userroles" = "Read/Write", "Selected and sub nodes", "/" and save it. Then the value "Selected and sub nodes" is saved, but only until you save the ACL form again, then the value is returned to "Selected" and can not be changed anymore. Please fix this asap! Thanks. |
| Comment by Gino Esposto [ 17/Sep/15 ] |
|
Hello Jan Could you reproduce? This is a serious bug! Any plans to fix this anytime soon? Regards, |
| Comment by Jan Haderka [ 17/Sep/15 ] |
|
Hi Gino, sorry I haven't noticed you comment earlier. Yes, I can confirm that I managed to reproduce the issue. If you have a support contract, you might want to open a support ticket and request fix under the terms of your contract to speed it up. Cheers, |
| Comment by Roman Kovařík [ 19/May/22 ] |
|
Hello, This ticket is now marked as closed due to one of the following reasons:
If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you. Thank you, |