Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Introduce new User permission: Super User Access #4564

Closed
mattab opened this Issue · 49 comments

2 participants

Matthieu Aubry Thomas Steur
Matthieu Aubry
Owner

The feature to be able to have several Super Users is becoming more important, and many users have requested it in the forums and in #2589

Tasks:

  • Create superAdmin permission. The superAdmin permission is equivalent to the currently "superUser" in terms of power.
  • The user stored in the config file has always superAdmin permission.
  • Code: change all calls to checkUserIsSuperUser to: checkUserHasSuperAdmin permissions, setUserIsSuperUser becomes setUserHasSuperAdmin, checkUserIsSuperUserOrTheUser -> checkUserIsTheUserOrHasSuperAdmin
  • Add / update unit tests

Note:

  • the Super User stored in the config file will never lose its super admin capability. But other users with SuperAdmin permission can lose it
  • The UI for setting Super Admin permission is out of scope, it is covered in #2589
Thomas Steur
Owner

In e4b425b: refs #4564 #2589 added possibility to define multiple superusers

Thomas Steur
Owner

In 743d7b8: refs #4564 #2589 do not allow to edit a users websites permissions if user is superuser. Reload page after successfully changing superuser permission to make sure it is afterwards possible to (edit / not edit) websites permissions

Thomas Steur
Owner

In 265f4b9: refs #4564 #2589 we need a small difference between superUser and configSuperUser

Thomas Steur
Owner

In 743b92d: refs #4564 some more fixes for config super user

Thomas Steur
Owner

In bdb6967: refs #4564 restrict sites to login for all non super users

Thomas Steur
Owner

In bda7796: refs #4564 also check for the config user

Thomas Steur
Owner

In 81e7f87: refs #4564 introducing new methods to make user a user has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

Thomas Steur
Owner

In df54712: refs #4564 introducing some more new methods for has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

Thomas Steur
Owner

In cae8ff4: refs #4564 added test to make sure the deprecated methods will be there as promised and removed afterwards

Thomas Steur
Owner

In d8a69b1: refs #4564 fixed some permission issues and removed the todo tags

Thomas Steur
Owner

In ff36d5e: refs #4564 added missing method again to not break API and fix tests

Thomas Steur
Owner

In ea48bba: refs #4564 added db update (version number needs to be changed later probably) and renamed more methods

Thomas Steur
Owner

In 71bf5fe: refs #4564 added column superuser access

Thomas Steur
Owner

In 0ffbe10: refs #4564 fix sql

Thomas Steur
Owner

In 57a1824: refs #4564 fix adding anonymous user is not possible

Thomas Steur
Owner

In 838fea8: refs #4564 fixing tests

Thomas Steur
Owner

In 1c51265: refs #4564 deprecate some more methods

Thomas Steur
Owner

In e3515a5: refs #4564 simplified login tests

Thomas Steur
Owner

In 5d14a67: refs #4564 added some Login tests to make sure a user with super user access will be authenticated as super user

Thomas Steur
Owner

In 8892cce: refs #4564 improved readability of the test

Thomas Steur
Owner

In 0a2e2d3: refs #4564 added some more test cases and removed some obsolete comments

Thomas Steur
Owner

In 67202fc: refs #4564 whitespace

Thomas Steur
Owner

In 91defb4: refs #4564 some more tests, also grepped for different superuser terms and updated some test names

Thomas Steur
Owner

In ee5aba1: refs #4564 fix tests

Thomas Steur
Owner

current status of #2589 and #4564 and #4582

It should work so far. As discussed user role is "SuperUser" not "SuperAdmin". Once a superUser role is set you "lose" all previous custom access because you gain permission to everything anyway. Updated/Added tests, renamed methods, added UI. Also tested whether scheduled tasks still work and looks good.

Needs to be done:

  • Update documentation
  • In blog post inform about deprecated methods which will be removed in the future

I have some changes in the submodules but haven't committed them to keep it simple. It should work though but haven't tested it.

Thomas Steur
Owner

In da54aa4: refs #4564 some bugfixes, documentation and tests

Thomas Steur
Owner

In e6133ac: refs #4564 skipping languagesManager test to fix build

Thomas Steur
Owner

In 08f33b6: refs #4564 deprecated method was used

Thomas Steur
Owner

In e6daa61: refs #4564 add superuser before running the ui tests

Matthieu Aubry
Owner

In 92c88a3: 2.0.4-b5 including schema change for Super Use access refs #4564

Matthieu Aubry
Owner

In e012b22: Prevent notice on the Upgrade screen when triggering 2.0.4-b5 refs #4564

Matthieu Aubry
Owner

In f81dcbc: Capitalizing Super User for consistency refs #4564

Thomas Steur
Owner

In 0dab4f5: refs #4564 faster check in case user is the current user

Thomas Steur
Owner

In dabec29: Merge pull request #212 from piwik/multi_superuser

refs #4564 #2589 support for multi superuser

Thomas Steur
Owner

In b9e667f: refs #4564 password has to be at least 6 characters

Thomas Steur
Owner

In fb6775b: refs #4564 added method to not break api

Thomas Steur
Owner

In 88bca63: refs #4564 throw a updateErrorException in case of any exception during the update

Thomas Steur
Owner

In f386511: refs #4564 avoid possible failure during update because of missing permissions -> Get the option value of delegated management directly

Thomas Steur
Owner

In 8d313b0: refs #4564 cleanup and make sure a new user does not get super user access

Thomas Steur
Owner

In 9e20f5a: refs #4564 fix method names

Thomas Steur
Owner

In 0e6ec5d: refs #4564 fixes Login\Auth not found when generating Visits

Matthieu Aubry
Owner

See also: #212

Matthieu Aubry
Owner

Well done Thomas!!

Thomas Steur
Owner

In 0e366ab: refs #4564 instead of moving the option entry -> copy it. Makes sure the superuser still sees the configured phone numbers after migration

Thomas Steur
Owner

In 7250284: refs #4564 get the superuser from database

Thomas Steur
Owner

In ac77310: refs #4564 fix import logs and archive.sh did no longer work because there is no longer a superuser in the config. Read directly the tokenauth of any superuser from a generated file instead. The updatetoken.php will create a file containing the needed token in tmp/cache which will not be served by default (on apache). Also the script contains directly an exit to avoid execution or anything from the browser or cli

Thomas Steur
Owner

In a361138: refs #4564 test whether import_logs.py script can find the token_auth automatically

Thomas Steur
Owner

In 4bc46c3: refs #4564 we have to get the token from the piwik_tests database

Thomas Steur
Owner

In d4839f1: refs #4564 it does not accept a parameter

Matthieu Aubry mattab added this to the 2.1 - Piwik 2.1 milestone
Thomas Steur tsteur was assigned by mattab
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 #2589 do not allow to edit a users websites permissions if…
… user is superuser. Reload page after successfully changing superuser permission to make sure it is afterwards possible to (edit / not edit) websites permissions
743d7b8
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 #2589 we need a small difference between superUser and con…
…figSuperUser
265f4b9
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 some more fixes for config super user 743b92d
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 also check for the config user bda7796
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 introducing new methods to make user a user has superuser …
…access. Old methods will still work but are marked as deprecated and they will be removed in a future release
81e7f87
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 introducing some more new methods for has superuser access…
…. Old methods will still work but are marked as deprecated and they will be removed in a future release
df54712
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 added test to make sure the deprecated methods will be the…
…re as promised and removed afterwards
cae8ff4
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 added db update (version number needs to be changed later …
…probably) and renamed more methods
ea48bba
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 added column superuser access 71bf5fe
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fix sql 0ffbe10
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fix adding anonymous user is not possible 57a1824
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fixing tests 838fea8
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 deprecate some more methods 1c51265
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 simplified login tests e3515a5
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 added some Login tests to make sure a user with super user…
… access will be authenticated as super user
5d14a67
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 improved readability of the test 8892cce
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 whitespace 67202fc
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 some more tests, also grepped for different superuser term…
…s and updated some test names
91defb4
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fix tests ee5aba1
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur #4564 updated some translation strings 8f4e45e
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 some bugfixes, documentation and tests da54aa4
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 skipping languagesManager test to fix build e6133ac
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 deprecated method was used 08f33b6
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 add superuser before running the ui tests e6daa61
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Matthieu Aubry mattab Capitalizing Super User for consistency refs #4564 f81dcbc
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 faster check in case user is the current user 0dab4f5
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 password has to be at least 6 characters b9e667f
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 added method to not break api fb6775b
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 throw a updateErrorException in case of any exception duri…
…ng the update
88bca63
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 avoid possible failure during update because of missing pe…
…rmissions -> Get the option value of delegated management directly
f386511
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fix method names 9e20f5a
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 instead of moving the option entry -> copy it. Makes sure …
…the superuser still sees the configured phone numbers after migration
0e366ab
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 get the superuser from database 7250284
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 fix import logs and archive.sh did no longer work because …
…there is no longer a superuser in the config. Read directly the tokenauth of any superuser from a generated file instead. The updatetoken.php will create a file containing the needed token in tmp/cache which will not be served by default (on apache). Also the script contains directly an exit to avoid execution or anything from the browser or cli
ac77310
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 test whether import_logs.py script can find the token_auth…
… automatically
a361138
Philip Taffner sabl0r referenced this issue from a commit in sabl0r/piwik
Thomas Steur tsteur refs #4564 it does not accept a parameter d4839f1
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.