New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Role permissions not behaving as expected with CSV bulk upload #3296

Open
chrisabo opened this Issue Sep 18, 2018 · 1 comment

Comments

Projects
None yet
3 participants
@chrisabo

chrisabo commented Sep 18, 2018

I created a role to allow a non-admin user with the following permissions:
Bulk Data Import
Edit Their Own Posts

Assigned that role to a new user.

When the user tries to upload the bulk import, user receives following error message:
Access Denied - Sorry, you're not allowed to do that.
User 10 is not allowed to import resource posts #0

Where was the bug observed
Self-hosted Ushahidi 3.0 site - www.librarysites.io

To Reproduce
Steps to reproduce the behavior:

  1. Log in as admin user
  2. Create role with following permissions - Bulk Data Import + Edit their own Posts - click save
  3. Log out as admin user
  4. Log in as "bulk import user"
  5. Click on Settings
  6. Click on Import
  7. Go through steps to import CSV
  8. Click on Finish Import
  9. See error

Expected behavior
Expected that user would be able to upload the CSV file and then be able to edit the posts that were contained in the CSV file.

Is there a workaround? What is it.
Give additional permissions to Manage Posts - if I do this the user can then perform the bulk upload and edit the posts, but also has the ability to edit all posts in the deployment even those submitted by other users which is not something that I want to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

URL / Environment where this happened
www.librarysites.io

If the bug is datasource related (e.g. SMS or Targeted SMS), please specify the configuration details (e.g. Frontline + Clickatell, etc):
N/A

Desktop Hardware Details (please complete the following information):

  • OS: Windows 10
  • Browser Tried: Chrome
    -Version: 69.0.3497.100 (Official Build) (64-bit), also tested in Firefox, but found different bug

Additional context
No problem with bulk upload of same CSV under different account ()admin with all permissions). Also no problem of uploading CSV with the more limited user account if I check the "Manage Posts" permission box.

@rowasc rowasc added the Needs Triage label Oct 5, 2018

@rowasc

This comment has been minimized.

Show comment
Hide comment
@rowasc

rowasc Oct 5, 2018

Contributor

@chrisabo thank you for reporting this issue. Our team will look into it and report back with our findings.

@Eve-wanderi could you please verify if this is happening in the latest production version, and let me know? if you have any questions on how to reproduce please ping me.
Thank you

Contributor

rowasc commented Oct 5, 2018

@chrisabo thank you for reporting this issue. Our team will look into it and report back with our findings.

@Eve-wanderi could you please verify if this is happening in the latest production version, and let me know? if you have any questions on how to reproduce please ping me.
Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment