Users and Groups module GUI misbehavior after webmin 1.85 that is problematic #2019

Closed
ariabamdad opened this issue Oct 6, 2023 · 4 comments

Comments

@ariabamdad

Hi,
At some point beyond Webmin 1.850, the Users & Groups module is behaving differently in such a manner that is somewhat a security problem. The problem is that one can accidentally/unknowingly add one or more groups to the list of secondary groups for a user (when editing user details) or similarly add one or more users to a single group (when editing a group's details).

The problem started at some version beyond 1.85. For example, in the latest version, if you edit a user account and then, under the "Group Membership" section, simply single click any of the available groups in the secondary groups area, the group is automatically added to this user's secondary groups. At the 1.85 level and previous, you had to select the user and then click the right arrow button to add the group. The same problem exists when editing a group and then selecting the users that belong to the group. A single click automatically adds the user. The two arrow buttons to add/remove are more or less unnecessary now.

The new behavior is quite dangerous and should be disabled. Single clicking a user from the list should not automatically add the user to the group or the group to the user's secondary groups. Worse yet, consider the situation where a user already belongs to multiple groups. The listed groups under the 'In groups' box may be so long that you have to scroll down to see the last group. However, if you accidentally click a group name on the left, the group is added to the group membership list at the bottom, yet you won't notice that you made this accidental change because the list is so long. The same situation applies when editing a group with many users as members.

PLEASE return the behavior to the way it was at 1.85 level. Or if possible, require a double click to cause the automatic addition.

Thanks

@jcameron
Collaborator

jcameron commented Oct 6, 2023

You're right, this is surprising behavior!

@iliajie it looks like the multi-selector in the Authentic theme is doing this, because it doesn't happen in the old default theme. The arrows to add/remove users are there, but they don't have to be clicked...

@iliajie
Collaborator

iliajie commented Oct 7, 2023

Yeah, that was the response to this webmin/authentic-theme#910 (comment) "bug" report years ago.

Now, I agree that it may cause unexpected behaviour. I have disabled it by default.

Anyone who is willing to have it work on click (without using left/right buttons) would have to run the following in the browser's console:

```js
settings_multiselect_on_click = true;
theme.config.save();
```

@iliajie iliajie closed this as completed Oct 7, 2023
@iliajie
Collaborator

iliajie commented Oct 13, 2023

Actually, I will make it react to double click by default, but it will be possible to fall back to previous behaviour (single-click) using the option mentioned above.

@ariabamdad
Author

Thank you. That is a good compromise. The single click is also needed if you for instance want to click the list of users and then hit the first letter of a user name to have it quickly search the list and go to that user. You can then double click or use the provided arrow buttons to add/remove to the list on the right hand side. Frankly I don't see any use for wanting it to operate the way it was because you no longer would have the ability to search the list if a single click performed the move operation. Thanks again for correcting it.

iliajie added a commit to webmin/authentic-theme that referenced this issue Oct 13, 2023
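
Added example, not part of the thread and not Webmin or Authentic theme code: one way to catch the unnoticed membership change described in the report is to diff two snapshots of `/etc/group` taken before and after an editing session. It assumes local group(5)-format files (no LDAP/NIS); the snapshot contents and the function names are constructed for illustration.

```python
"""Diff two /etc/group snapshots to surface secondary-group membership changes."""

# Constructed sample data: /etc/group contents before and after an edit session.
BEFORE = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,bob
www-data:x:33:
"""
AFTER = """\
root:x:0:
sudo:x:27:alice,bob
docker:x:998:alice
www-data:x:33:
backup:x:34:bob
"""


def parse_group_file(text):
    """Return {group_name: set(members)} from group(5)-format text."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        name, _passwd, _gid, members = fields
        # An empty member field means the group has no secondary members.
        groups[name] = {m for m in members.split(",") if m}
    return groups


def membership_changes(before_text, after_text):
    """Return (added, removed) as sorted lists of (group, user) pairs."""
    before = parse_group_file(before_text)
    after = parse_group_file(after_text)
    added, removed = [], []
    for name in sorted(set(before) | set(after)):
        old = before.get(name, set())
        new = after.get(name, set())
        added += [(name, user) for user in sorted(new - old)]
        removed += [(name, user) for user in sorted(old - new)]
    return added, removed


if __name__ == "__main__":
    added, removed = membership_changes(BEFORE, AFTER)
    for group, user in added:
        print(f"ADDED   {user} -> {group}")
    for group, user in removed:
        print(f"REMOVED {user} -> {group}")
```

Primary groups live in `/etc/passwd` and are not covered by this diff.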