bug #8042

UI is too restricted for users with right Project Manager

Added by Patrick Plitzner 17 days ago. Updated 16 days ago.

Status: Closed
Priority: Highest
Category: cdmlib-remote
Target version:
Start date: 01/31/2019
Due date:
% Done: 100%
Severity: critical
Found in Version:

Description

This happened for Tilo when he was trying to log in to additivity_ontology on edit-test.

The user is logged in but this strange error message appears in the login dialog.

When trying to, for example, expand a classification, the following message is displayed:

followed up by

His user account had the group ProjectManager. Then I assigned it to the Editor group and he could log in normally.

picture683-1.png View (44.5 KB) Patrick Plitzner, 01/31/2019 10:12 AM

picture683-2.png View (35.7 KB) Patrick Plitzner, 01/31/2019 10:12 AM

picture683-3.png View (18.3 KB) Patrick Plitzner, 01/31/2019 10:12 AM


Related issues

Related to Edit - feature request #7993: Display "Access Denied" dialog in case the remoting service responds with status code = 4xx Closed 01/10/2019

Associated revisions

Revision c1d9a788 (diff)
Added by Andreas Kohlbecker 17 days ago

ref #7972, ref #8042 permitting remoting access to ROLE_PROJECT_MANAGER

History

#1 Updated by Patrick Plitzner 17 days ago

  • Description updated (diff)

#2 Updated by Patrick Plitzner 17 days ago

  • Assignee changed from Andreas Kohlbecker to Andreas Müller

#3 Updated by Andreas Müller 17 days ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker
  • Priority changed from New to Highest
  • Target version changed from Unassigned CDM tickets to Release 5.5
  • Severity changed from normal to critical

I assign this to AK as it is related to the new rights. We had already discussed that ProjectManager also needs remoting rights.

#4 Updated by Patrick Plitzner 17 days ago

  • Related to feature request #7993: Display "Access Denied" dialog in case the remoting service responds with status code = 4xx added

#5 Updated by Andreas Kohlbecker 17 days ago

  • Status changed from New to In Progress
  • Assignee changed from Andreas Kohlbecker to Katja Luther
  • % Done changed from 0 to 10

I created access to remoting for 'ROLE_PROJECT_MANAGER' but the subject of this ticket is another problem:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

By now I see the following options:

  1. Once the login dialog knows the user is not permitted to use the remoting service, it should automatically log out the user. The message displayed to the user needs to be different in this case. "Your credentials are valid but you are not permitted to access any data." ... something more compact of course
  2. The login dialog will log out the user once the dialog is closed.

I am passing this issue to you now, Katja, since you are dedicated to #7993.
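An added example of option 1 from comment #5, not code from the project: the login keeps a session only if the account holds an authority that permits remoting, and reports valid credentials without remoting access as its own outcome. The class name, `ROLE_REMOTING`, `ROLE_USER` and the in-memory accounts are hypothetical; only `ROLE_PROJECT_MANAGER` comes from the ticket.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiFunction;

public class RemotingLoginGate {
    enum Outcome { LOGGED_IN, BAD_CREDENTIALS, NO_REMOTING_ACCESS }

    // Authorities allowed to call the remoting service. ROLE_PROJECT_MANAGER is
    // named in the ticket; ROLE_REMOTING is a hypothetical placeholder.
    static final Set<String> REMOTING_AUTHORITIES =
            Set.of("ROLE_REMOTING", "ROLE_PROJECT_MANAGER");

    // Returns the granted authorities, or empty if the credentials are wrong.
    private final BiFunction<String, String, Optional<Set<String>>> authenticator;
    private String sessionUser; // null means nobody is logged in

    RemotingLoginGate(BiFunction<String, String, Optional<Set<String>>> authenticator) {
        this.authenticator = authenticator;
    }

    Outcome login(String user, String password) {
        Optional<Set<String>> granted = authenticator.apply(user, password);
        if (granted.isEmpty()) {
            return Outcome.BAD_CREDENTIALS;
        }
        sessionUser = user; // credentials are valid: a session exists from here on
        boolean mayUseRemoting =
                granted.get().stream().anyMatch(REMOTING_AUTHORITIES::contains);
        if (!mayUseRemoting) {
            logout(); // fail closed: no session for an account that cannot reach data
            return Outcome.NO_REMOTING_ACCESS; // lets the dialog show a distinct message
        }
        return Outcome.LOGGED_IN;
    }

    void logout() { sessionUser = null; }

    boolean isLoggedIn() { return sessionUser != null; }

    public static void main(String[] args) {
        // Constructed accounts; the password comparison stands in for the real check.
        Map<String, Set<String>> accounts = Map.of(
                "manager", Set.of("ROLE_PROJECT_MANAGER"),
                "guest", Set.of("ROLE_USER"));
        RemotingLoginGate gate = new RemotingLoginGate((u, p) ->
                "constructed-secret".equals(p)
                        ? Optional.ofNullable(accounts.get(u)) : Optional.empty());
        for (String u : new String[] {"manager", "guest", "nobody"}) {
            Outcome o = gate.login(u, "constructed-secret");
            System.out.println(u + " -> " + o + ", session=" + gate.isLoggedIn());
            gate.logout();
        }
    }
}
```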

#6 Updated by Andreas Müller 17 days ago

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager". So I guess that ROLE_PROJECT_MANAGER should be available for the User. So he had the right to work remote. This ticket IMO is not about the correct login behavior which is handled in #7993.

#7 Updated by Andreas Kohlbecker 17 days ago

Andreas Müller wrote:

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager".....

I was referring to the issue subject which is "...users with insufficient rights".

#8 Updated by Andreas Müller 17 days ago

  • Subject changed from UI is overly restricted for users with insufficient rights to UI is overly restricted for users with right Project Manager
  • Assignee changed from Katja Luther to Andreas Kohlbecker

Andreas Kohlbecker wrote:

Andreas Müller wrote:

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager".....

I was referring to the issue subject which is "...users with insufficient rights".

Yes, sometimes the ticket description is more correct than the label.

But do you agree that this is not Katja's issue but rather related to your original ticket (create right remoting or so)?

#9 Updated by Andreas Kohlbecker 17 days ago

  • Category changed from taxeditor to cdmlib-remote
  • Status changed from In Progress to Closed
  • % Done changed from 10 to 100

agreed!

#10 Updated by Andreas Müller 16 days ago

  • Subject changed from UI is overly restricted for users with right Project Manager to UI is too restricted for users with right Project Manager

#11 Updated by Andreas Müller 16 days ago

  • Tracker changed from feature request to bug
  • Found in Version set to Release 5.5
