New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A user with a role with 'manage users' system permission does not see the settings menu #1110

Closed
mark-james opened this Issue Nov 8, 2018 · 3 comments

Comments

2 participants
@mark-james
Copy link

mark-james commented Nov 8, 2018

Describe the bug
A user with a role with 'manage users' system permission does not see the 'settings' menu on the top bar. In order to see the bar the 'Manage app settings' system permission must also be included in the role.

Steps To Reproduce

  1. Create a new role that includes the Manage Users system permission.
  2. Assign the new role to a user
  3. Login with this user and check the top bar. The Settings menu is missing.

Expected behavior
A user with the role should be able to access the Users sub menu of settings without having access to change the core app settings.

Your Configuration (please complete the following information):

  • Exact BookStack Version (Found in settings): BookStack v0.24.1
  • Hosting Method (Nginx/Apache/Docker): Ubuntu 18.04 - Using included installation script
@mark-james

This comment has been minimized.

Copy link
Author

mark-james commented Nov 8, 2018

I've also discovered a related issue. A user with 'manage users' system permissions can update their user to any role including the admin role. Essentially giving themselves global access. Should I create a new issue or just update the above?

@ssddanbrown

This comment has been minimized.

Copy link
Member

ssddanbrown commented Jan 5, 2019

@mark-james Thanks for raising this and sorry for my late reply, Looks like it'll be covered in #1119.

For the other point, It's probably best to open a new isuse and it may need a bit of discussion to confirm the exact logic to be implemented.

ssddanbrown added a commit that referenced this issue Jan 5, 2019

ssddanbrown added a commit that referenced this issue Jan 5, 2019

@ssddanbrown

This comment has been minimized.

Copy link
Member

ssddanbrown commented Jan 5, 2019

This base issue is now closed via #1119, Ready for the next release.

@ssddanbrown ssddanbrown closed this Jan 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment