Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When upgrading from before 1.x, SuperLinks view permissions may not be correct #2797

Closed
ddb4github opened this issue Jul 4, 2019 · 10 comments
Assignees
Labels
bug Undesired behaviour resolved A fixed issue
Milestone

Comments

@ddb4github
Copy link
Contributor

Describe the bug

  1. Lost realm of "External Links" during Cacti upgrade from pre-1.0.0
  2. Missed to remove obsoleted plugins realms from plugin_realms, including: settings, nectar, superlinks,

To Reproduce
Steps to reproduce the behavior:

  1. Build Cacti 0.8.8 env with superlinks, settings, nectar plugins enabled
  2. Access Console-->User Management-->admin(edit)
  3. Make sure all permission is selected, and save
  4. Upgrade to Cacti 1.2.4 by cli/upgrade_database.php
  5. Check User-->Permission(Tab)
  6. See error
@netniV
Copy link
Member

netniV commented Jul 4, 2019

That is interesting. I would have though someone else would have reported that by now given the 1.x lifetime. We will have to double check the upgrade code as I thought this was part of it.

@netniV
Copy link
Member

netniV commented Jul 4, 2019

for superlinks, the following code should be adjusting the realms as appropriate:

db_install_execute('DELETE FROM superlinks_auth WHERE pageid NOT IN(SELECT id FROM external_links)');
db_install_execute('INSERT INTO user_auth_realm (user_id, realm_id) SELECT userid, pageid+10000 FROM superlinks_auth');
db_install_drop_table('superlinks_auth');

This is found in the install/upgrades/1_0_0.php upgrade file.

@ddb4github
Copy link
Contributor Author

above three lines upgrade permission of superlinks created tab, links, .... But not "External Links" that is like "Graphs, Devices"

@netniV
Copy link
Member

netniV commented Jul 4, 2019

I'm confused because Superlinks became External Links I believe.

@ddb4github
Copy link
Contributor Author

"Superlinks" plugin permission is configured in table plugin_realms.

During upgrade, 1_0_0.php only handle "superlinks internal permission" from table 'superlinks_auth ' about "permission of superlinks created content".

  • Before upgrade:
    image

  • After upgrade
    image
    image

  • Whatever before/after upgade,

# mysql cacti -e "select * from plugin_realms where plugin='superlinks'"
+----+------------+---------------------+------------------------------------+
| id | plugin     | file                | display                            |
+----+------------+---------------------+------------------------------------+
| 12 | superlinks | superlinks.php      | Plugin -> SuperLinks: View Pages   |
| 13 | superlinks | superlinks-mgmt.php | Plugin -> SuperLinks: Manage Pages |
+----+------------+---------------------+------------------------------------+

@netniV
Copy link
Member

netniV commented Jul 5, 2019

Was there anything already populated in the external links table ? I notice that the first query is only checking that the external links id does not exist in superlinks, but I suspect it should also have the -1000 on it.

@netniV
Copy link
Member

netniV commented Jul 5, 2019

Wait, I may be missing that the External Links will have it's own realm anyway.

@netniV
Copy link
Member

netniV commented Jul 5, 2019

OK, to be clearer on this the security for the links are being transferred, but the manage permission for External Links is set to realm 24 but this is not being populated. I think we will need to update the 1_0_0.php upgrade file but it is unfortunately that any previous upgrade will have lost this permission.

@netniV
Copy link
Member

netniV commented Jul 5, 2019

Actually, my bad. External Links should be available to any user with access to a link. External Links is the ability to view the tab not the management of it. So, we will patch this in 1.2.5 to reapply that realm if they have access to a link.

@netniV netniV changed the title Lost realm of "External Links" during Cacti upgrade from pre-1.0.0 When upgrading from before 1.x, SuperLinks view permissions may not be correct Jul 5, 2019
@netniV netniV closed this as completed in 7c9c8b7 Jul 5, 2019
@netniV
Copy link
Member

netniV commented Jul 5, 2019

I've submitted a change to the 1_0_0.php file that should rectify the upgrade. If you have already upgraded, it wouldn't be right to run this automatically since you could have adjusted the permissions already and this could have changed them without your knowledge if run in a later upgrade.

If you do need to grant view permissions to the external links tab for all users you can run:

REPLACE INTO user_auth_realm (user_id, realm_id) SELECT user_id, 24 AS realm_id FROM user_auth

@netniV netniV self-assigned this Jul 5, 2019
@netniV netniV added bug Undesired behaviour resolved A fixed issue labels Jul 5, 2019
@netniV netniV added this to the v1.2.5 milestone Jul 5, 2019
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

2 participants