Skip to content

Improve role/capability handling in usermanager #18750

New issue
New issue
Closed
#19388
Closed
Improve role/capability handling in usermanager#18750
#19388
Assignees
sgiehl
Labels
BugFor errors / faults / flaws / inconsistencies etc.c: UsabilityFor issues that let users achieve a defined goal more effectively or efficiently.
Milestone
4.12.0
@sgiehl

Description

@sgiehl
sgiehl
opened on Feb 7, 2022

When editing the permissions for a user, it is currently always possible in the UI to add capabilities.
But if the users doesn't have any access to a certain site, the API request for adding the capability does nothing, but still returns success.

This is somehow unexpected, as the API should throw an exception if adding a capability isn't possible. And also the UI shouldn't show the capability selection in that case.

Throwing an exception can easily be added here:

matomo/plugins/UsersManager/API.php

Lines 1206 to 1226 in d17b842

foreach ($capabilities as $entry) {
$cap = $this->capabilityProvider->getCapability($entry);
foreach ($idSites as $idSite) {
$hasRole = array_key_exists($idSite, $sitesIdWithRole);
$hasCapabilityAlready = array_key_exists($idSite, $sitesIdWithCapability) && in_array($entry, $sitesIdWithCapability[$idSite], true);
// so far we are adding the capability only to people that also have a role...
// to be defined how to handle this... eg we are not throwing an exception currently
// as it might be used as part of bulk action etc.
if ($hasRole && !$hasCapabilityAlready) {
$theRole = $sitesIdWithRole[$idSite];
if ($cap->hasRoleCapability($theRole)) {
// todo this behaviour needs to be defined...
// when the role already supports this capability we do not add it again
continue;
}
$this->model->addUserAccess($userLogin, $entry, array($idSite));
}
}

Hiding the selection box can be achieved by adding something like v-if="userRole !== 'noaccess'" here:

matomo/plugins/UsersManager/vue/src/CapabilitiesEdit/CapabilitiesEdit.vue

Lines 37 to 46 in 1dd8569

<Field
:model-value="capabilityToAddId"
@update:model-value="capabilityToAddId = $event; onToggleCapability(true)"
:disabled="isBusy"
uicontrol="expandable-select"
name="add_capability"
:full-width="true"
:options="availableCapabilitiesGrouped"
>
</Field>

@tsteur this one should be quite easy to fix. Let me know if I should quickly set up a PR to fix that.

Metadata

Metadata

Assignees

Labels

BugFor errors / faults / flaws / inconsistencies etc.c: UsabilityFor issues that let users achieve a defined goal more effectively or efficiently.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions