bug #8042
closedUI is too restricted for users with right Project Manager
100%
Description
This happened for Tilo when he was trying to log in to additivity_ontology on edit-test.
The user is logged in but this strange error message appears in the login dialog.
When trying to, for example, expand a classification, the following message is displayed:
followed up by
His user account had the group ProjectManager. Then I assigned it to the Editor group he could log in normally.
Files
| picture683-1.png (44.5 KB) picture683-1.png | |||
| picture683-2.png (35.7 KB) picture683-2.png | |||
| picture683-3.png (18.3 KB) picture683-3.png |
Related issues
Updated by Patrick Plitzner about 5 years ago
- Assignee changed from Andreas Kohlbecker to Andreas Müller
Updated by Andreas Müller about 5 years ago
- Assignee changed from Andreas Müller to Andreas Kohlbecker
- Priority changed from New to Highest
- Target version changed from Unassigned CDM tickets to Release 5.5
- Severity changed from normal to critical
I assign this to AK as it is related to the new rights. We had already discussed that ProjectManager also needs remoting rights.
Updated by Patrick Plitzner about 5 years ago
- Related to feature request #7993: Display "Access Denied" dialog in case the remoting service responds with status code = 4xx added
Updated by Andreas Kohlbecker about 5 years ago
- Status changed from New to In Progress
- Assignee changed from Andreas Kohlbecker to Katja Luther
- % Done changed from 0 to 10
I created access to remoting for 'ROLE_PROJECT_MANAGER' but the subject of this ticket is another problem:
Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the removing service should not be able to do anything related to data in the editor.
By now is see the following options
- once the login dialog knows the user is not permitted to use the remoting service, it should automatically logout the user. The message displayed to the user needs to be different in this case. "Your credentials are valid but you are not permitted access any data." ... something more compact of course
- The login dialog will log out the user once the dialog is closed.
I am passing this issue to you now Katja since you are dedicated to #7993
Updated by Andreas Müller about 5 years ago
Andreas Kohlbecker wrote:
Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the removing service should not be able to do anything related to data in the editor.
I don't understand this. In this ticket description it is said that "His user account had the group ProjectManage". So I guess that ROLE_PROJECT_MANAGER should be available for the User. So he had the right to work remote. This ticket IMO is not about the correct login behavior which is handled in #7993
Updated by Andreas Kohlbecker about 5 years ago
Andreas Müller wrote:
Andreas Kohlbecker wrote:
Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the removing service should not be able to do anything related to data in the editor.
I don't understand this. In this ticket description it is said that "His user account had the group ProjectManage".....
I was referring to the issue subject which is "...users with insufficient rights"
Updated by Andreas Müller about 5 years ago
- Subject changed from UI is overly restricted for users with insufficient rights to UI is overly restricted for users with right Project Manager
- Assignee changed from Katja Luther to Andreas Kohlbecker
Andreas Kohlbecker wrote:
Andreas Müller wrote:
Andreas Kohlbecker wrote:
Obviously it is still possible to use the Editor after a successful login with a user which lacks the authority to use the remoting service. A user without permission to use the removing service should not be able to do anything related to data in the editor.
I don't understand this. In this ticket description it is said that "His user account had the group ProjectManage".....
I was referring to the issue subject which is "...users with insufficient rights"
Yes, sometimes the ticket description is more correct then the label.
But do you agree that this is not Katjas issue but rather related to your original ticket (create right remoting or so).
Updated by Andreas Kohlbecker about 5 years ago
- Category changed from taxeditor to cdmlib-remote
- Status changed from In Progress to Closed
- % Done changed from 10 to 100
agreed!
Updated by Andreas Müller about 5 years ago
- Subject changed from UI is overly restricted for users with right Project Manager to UI is too restricted for users with right Project Manager
Updated by Andreas Müller about 5 years ago
- Tracker changed from feature request to bug
- Found in Version set to Release 5.5