bug #8042

closed

UI is too restricted for users with right Project Manager

Added by Patrick Plitzner about 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Highest
Category: cdmlib-remote
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Severity: critical
Found in Version:
Description

This happened for Tilo when he was trying to log in to additivity_ontology on edit-test.

The user is logged in but this strange error message appears in the login dialog.

When trying to, for example, expand a classification, the following message is displayed:

followed up by

His user account had the group ProjectManager. Then I assigned it to the Editor group and he could log in normally.


Files

picture683-1.png (44.5 KB), Patrick Plitzner, 01/31/2019 10:12 AM
picture683-2.png (35.7 KB), Patrick Plitzner, 01/31/2019 10:12 AM
picture683-3.png (18.3 KB), Patrick Plitzner, 01/31/2019 10:12 AM

Related issues

Related to EDIT - feature request #7993: Display "Access Denied" dialog in case the remoting service responds with status code = 4xx (Closed, Katja Luther)

#1

Updated by Patrick Plitzner about 4 years ago

  • Description updated (diff)
#2

Updated by Patrick Plitzner about 4 years ago

  • Assignee changed from Andreas Kohlbecker to Andreas Müller
#3

Updated by Andreas Müller about 4 years ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker
  • Priority changed from New to Highest
  • Target version changed from Unassigned CDM tickets to Release 5.5
  • Severity changed from normal to critical

I assign this to AK as it is related to the new rights. We had already discussed that ProjectManager also needs remoting rights.

#4

Updated by Patrick Plitzner about 4 years ago

  • Related to feature request #7993: Display "Access Denied" dialog in case the remoting service responds with status code = 4xx added
#5

Updated by Andreas Kohlbecker about 4 years ago

  • Status changed from New to In Progress
  • Assignee changed from Andreas Kohlbecker to Katja Luther
  • % Done changed from 0 to 10

I created access to remoting for 'ROLE_PROJECT_MANAGER' but the subject of this ticket is another problem:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

By now I see the following options:

  1. Once the login dialog knows the user is not permitted to use the remoting service, it should automatically log out the user. The message displayed to the user needs to be different in this case: "Your credentials are valid but you are not permitted to access any data." ... something more compact of course.
  2. The login dialog will log out the user once the dialog is closed.

I am passing this issue to you now, Katja, since you are dedicated to #7993.
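
Option 1 from the comment above, sketched as an added example; it is not code from this ticket, cdmlib or the TaxEditor. The `Server` interface, the account name, the password and `ROLE_DEMO_EDITOR` are hypothetical, and the fake server holds constructed data.

```java
import java.util.Map;
import java.util.Set;

public class FailClosedLogin {
    enum Outcome { LOGGED_IN, BAD_CREDENTIALS, NOT_PERMITTED, SERVICE_ERROR }

    // Hypothetical client-side view of the server; not cdmlib or TaxEditor API.
    interface Server {
        boolean authenticate(String user, String password);
        int probeRemoting(String user); // HTTP status of a read-only remoting call
        void logout(String user);
    }

    static Outcome login(Server server, String user, String password) {
        if (!server.authenticate(user, password)) return Outcome.BAD_CREDENTIALS;
        int status = server.probeRemoting(user);
        if (status >= 200 && status < 300) return Outcome.LOGGED_IN;
        // Credentials were valid but the data channel is unusable: end the
        // session at once so no editor view can act on a half-working login.
        server.logout(user);
        return (status >= 400 && status < 500) ? Outcome.NOT_PERMITTED : Outcome.SERVICE_ERROR;
    }

    static String message(Outcome o) {
        switch (o) {
            case LOGGED_IN:       return "Logged in.";
            case BAD_CREDENTIALS: return "Wrong user name or password.";
            case NOT_PERMITTED:   return "Credentials are valid, but this account may not access data.";
            default:              return "The remoting service is unavailable.";
        }
    }

    public static void main(String[] args) {
        // Constructed data: one account and the roles the fake server lets use remoting.
        Map<String, String> roleOf = Map.of("demo-user", "ROLE_PROJECT_MANAGER");
        Set<String> remotingRoles = Set.of("ROLE_DEMO_EDITOR");
        boolean[] sessionOpen = {false};
        Server fake = new Server() {
            public boolean authenticate(String u, String p) {
                sessionOpen[0] = roleOf.containsKey(u) && "demo-pw".equals(p);
                return sessionOpen[0];
            }
            public int probeRemoting(String u) {
                return remotingRoles.contains(roleOf.getOrDefault(u, "")) ? 200 : 403;
            }
            public void logout(String u) { sessionOpen[0] = false; }
        };
        Outcome o = login(fake, "demo-user", "demo-pw");
        System.out.println(o + ": " + message(o) + " sessionOpen=" + sessionOpen[0]);
    }
}
```

The separate `NOT_PERMITTED` outcome is what lets the dialog show a message different from the wrong-password one while still leaving no open session behind.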

#6

Updated by Andreas Müller about 4 years ago

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager". So I guess that ROLE_PROJECT_MANAGER should be available for the User. So he had the right to work remote. This ticket IMO is not about the correct login behavior, which is handled in #7993.

#7

Updated by Andreas Kohlbecker about 4 years ago

Andreas Müller wrote:

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager".....

I was referring to the issue subject which is "...users with insufficient rights"

#8

Updated by Andreas Müller about 4 years ago

  • Subject changed from UI is overly restricted for users with insufficient rights to UI is overly restricted for users with right Project Manager
  • Assignee changed from Katja Luther to Andreas Kohlbecker

Andreas Kohlbecker wrote:

Andreas Müller wrote:

Andreas Kohlbecker wrote:

Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the remoting service should not be able to do anything related to data in the editor.

I don't understand this. In this ticket description it is said that "His user account had the group ProjectManager".....

I was referring to the issue subject which is "...users with insufficient rights"

Yes, sometimes the ticket description is more correct than the label.

But do you agree that this is not Katja's issue but rather related to your original ticket (create right remoting or so)?

#9

Updated by Andreas Kohlbecker about 4 years ago

  • Category changed from taxeditor to cdmlib-remote
  • Status changed from In Progress to Closed
  • % Done changed from 10 to 100

agreed!

#10

Updated by Andreas Müller almost 4 years ago

  • Subject changed from UI is overly restricted for users with right Project Manager to UI is too restricted for users with right Project Manager
#11

Updated by Andreas Müller almost 4 years ago

  • Tracker changed from feature request to bug
  • Found in Version set to Release 5.5