|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001237||v3.0 Release||[All Projects] General||public||2012-12-30 23:46||2013-08-28 11:17|
|Target Version||Fixed in Version||3.0.0|
|Summary||0001237: Not possible to delete assigned User Permission|
|Description||w2p git 97669153748c28422b774b6da6bfb314557d77a5|
The delete button is no longer accessible in the User Permissions (http://x.y.a.b/w2pV3/index.php?m=admin&a=viewuser&user_id=2&tab=1
You can add specific permissions for a user but can't delete them.
Works fine under V2.31 and V2.4 but not V3
Ubuntu 12.04 server, WinXP / Firefox client
|Tags||No tags attached.|
Resolved and already merged to master:
Last edited: 2013-01-01 00:31
A quick test with latest git pull.93084601fa47f26d786977da4a98ecb7b99befee
Problem is no added permissions are visible but are added in the database & confirmed in System Admin/ Users permission Information .
Can't see them and can't delete them.
Still an issue with Web2project V3.0-pre
Git version 3186736eec00dcf27b004f8f886813ffe0fc7888
Can set the specific permission for a user, this status shows in the System/View Users Permissions.
Cannot delete the modified permission from User Admin/ Permissions tab as the modified permission is not visible in the LHS column.
Functional in V2.31 (w2p demo site), not functional under V3.0-pre
Dropped all tables and regenerated w2p from latest git version df02a7ad3589a07ee97c74c7801145e733dd28b2 just in case previous (my) changes had broken things. So with new install and freshly created User:
Changed user permissions to deny adding a link - all worked OK except that the modified permission wasn't shown on the user permissions view but was shown in the system_acls_view.
Tried to add this permission back & got this message at top of screen
"acl_query(): ACO Section: application ACO Value: delete ARO Section: user ARO Value 3 ACL ID: 31 Result: 1"
and permission (deny) left unchanged.
=> this function is still broken
Resolved very similar to the solution described in 0001284:
Testing with git commit/b94ac1dd6dc98eea1f2f21c7a7f5e397732921fe
I can now see the amended permission but have no means of deleting it (x) is still missing.
Also, in the test I did, I added a deny on link edit and the link topic was removed from the dropdown menu so no other modifications could be done to the link permissions.
That behavior is exactly as designed.
If you deny someone (including yourself) access to the Links module, they will be denied access to *anything* related to the Links module.
While this may seem odd, it's particularly important to prevent privilege escalation. I'm not going to describe the details here as this is still an issue in pre-3.0 releases.
|2012-12-30 23:46||sasquatch58||New Issue|
|2012-12-31 23:42||caseydk||Note Added: 0002761|
|2012-12-31 23:42||caseydk||Status||new => resolved|
|2012-12-31 23:42||caseydk||Resolution||open => fixed|
|2012-12-31 23:42||caseydk||Assigned To||=> caseydk|
|2013-01-01 00:31||sasquatch58||Note Added: 0002762|
|2013-01-01 00:31||sasquatch58||Status||resolved => feedback|
|2013-01-01 00:31||sasquatch58||Resolution||fixed => reopened|
|2013-01-01 00:31||sasquatch58||Note Edited: 0002762|
|2013-02-28 12:14||sasquatch58||Note Added: 0002803|
|2013-05-23 01:22||sasquatch58||Note Added: 0002906|
|2013-06-02 23:39||caseydk||Relationship added||related to 0001284|
|2013-06-02 23:46||caseydk||Note Added: 0002932|
|2013-06-02 23:46||caseydk||Status||feedback => resolved|
|2013-06-02 23:46||caseydk||Resolution||reopened => fixed|
|2013-06-07 01:24||sasquatch58||Note Added: 0002939|
|2013-06-07 01:24||sasquatch58||Status||resolved => feedback|
|2013-06-07 01:24||sasquatch58||Resolution||fixed => reopened|
|2013-06-07 08:02||caseydk||Note Added: 0002940|
|2013-06-07 08:02||caseydk||Status||feedback => resolved|
|2013-06-07 08:02||caseydk||Resolution||reopened => fixed|
|2013-08-28 11:14||caseydk||Fixed in Version||=> 3.0.0|
|2013-08-28 11:17||caseydk||Status||resolved => closed|