-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preventing system users being removed from system groups #1733
Preventing system users being removed from system groups #1733
Conversation
Works as expected. However I've come across a related issue: Attempting to rename user |
@manics try now, you should't be able to edit name |
One last thing (sorry). In the group admin page there's nothing to stop an admin user removing themself from the |
/cc @mtbc for comment re: the |
The |
I think yesterday's error was an |
Hmmm..... a 500 seems odd either way. But if it wasn't an |
Those should prevent 'root' and current user from removing from 'system' either via experimenter or group edit forms |
Testing root:
Testing as admin_user:
|
Tested both scenarios - all works as expected. Looks OK to merge. |
any comments on the new method? @knabar @chris-allan @will-moore @cneves |
@@ -74,10 +74,13 @@ | |||
}; | |||
|
|||
// Since we want to disable removal of 'system' group (id=0) from chosen, this hides the 'X' | |||
var admin_groups = [{% for x in admin_groups %}'{{ x|escapejs }}',{% endfor %}] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having a trailing comma may blow up in IE before 9 - don't have a browser installed to test it right now though
http://stackoverflow.com/questions/7246618/trailing-commas-in-javascript
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about
from django.utils import simplejson
list = simplejson.dumps(LIST)
var JS_LIST = {{ list|safe }};
General question: do we want other admin to modify the password of root? |
@return: Current Experimenter | ||
@return: Generator of L{BlitzObjectWrapper} subclasses | ||
""" | ||
return self.getObject("ExperimenterGroup", 0).getMembers() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of hard-coding 0, you could use conn.getAdminService().getSecurityRoles().systemGroupId
The behaviour is fine - can't remove myself from system or user groups. Still a bit confusing to newbies to see "system" as a group that is added / removed according to the Administrator checkbox - but I guess we can't hide it from the list of groups, since some users are only in "system" and their data is in system group too. |
that should be final commit |
@dpwrussell: it should fix ticket http://trac.openmicroscopy.org.uk/ome/ticket/11693 |
Conflicting PR.Removed from build OMERO-merge-develop#497. See the console output for more details. |
This is conflicting with the unit support PR. |
Bug:
|
That is not related as the PR hasn't been merged because of the conflict |
Conflicting PR.Removed from build OMERO-merge-develop#498. See the console output for more details. |
Conflicting PR.Removed from build OMERO-merge-develop#499. See the console output for more details. |
additional changes to PR #565
…dmin::getSecurityRoles
Finally, good to merge :) |
Re-running travis job. |
Looks good to merge |
…oup-change-restrictions Preventing system users being removed from system groups
--no-rebase Following #1723 |
'owners': ownerIds, 'members':memberIds, 'experimenters':experimenters}, | ||
group_is_current_or_system=group_is_current_or_system) | ||
admins = [conn.getAdminService().getSecurityRoles().systemGroupId] | ||
if long(gid) in system_groups and conn.isAdmin: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was just reviewing this code as I had to fix a merge conflict...
I think you should use rootId instead of systemGroupId here, since you want the ID of the root user
admins = [conn.getAdminService().getSecurityRoles().rootId]
Also, it looks like you didn't call the conn.isAdmin: method (missing brackets) but this shouldn't be needed anyway as the login_required decorator already checks that only Admins can view this page.
I'll make these changes in my conflict resolution, unless I'm missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in #1983
Issue spotted in #1723. Requires additional changes to PR #565
To test it check if you can't remove root or guest from system groups in Webadmin.