Hi all

Sounds like a bug.

@Justin, as far as I can remember I never contributed any code to the
Group Admin concept, I think you invented this feature for a customer.
Maybe I am wrong here.

Cheers



On Wed, Apr 19, 2017 at 4:18 AM, Justin Deoliveira <[email protected]>
wrote:

>
>
> On Tue, Apr 18, 2017 at 3:11 AM Andrea Aime <[email protected]>
> wrote:
>
>> On Thu, Apr 6, 2017 at 1:52 PM, Rob L <[email protected]>
>> wrote:
>>
>>> Done some more testing now I'm certain I've found further issues; these
>>> have only been tested with the "Default XML user/group service"
>>>
>>> Create 2 groups:
>>>  1. group-1
>>>  2. group-2
>>>
>>> Create 3 users
>>>  1. group-1-user ; member of group-1 ; add role GROUP_ADMIN
>>>  2. group-2-user ; member of group-2
>>>  3. no-group-user
>>>
>>>
>>> *Issue 1:* Disabling non-group users:
>>>  - Log in to webGUI as group-1-user (GROUP_ADMIN)
>>>  - Open group-2-user
>>>  - Un-tick the "Enabled" check box
>>>  - Click save -> Error message: "An error occurred while saving the user:
>>> User [...]  is member of group(s) not administered by current user and
>>> cant be modified."
>>>  - Navigate back to user list (or press "Cancel")
>>>  - group-2-user now doesn't have the "Enabled" tick and cannot log in
>>>
>>
>> Bug.
>>
>>
>>>
>>>
>>> *Issue 2:* Changing non-group users passwords (occurred when Password
>>> encryption=Digest, didn't affect Strong PBE):
>>>  - Log in to webGUI as group-1-user (GROUP_ADMIN)
>>>  - Open group-2-user
>>>  - Change the password
>>>  - Click save -> Error message: "An error occurred while saving the user:
>>> User [...]  is member of group(s) not administered by current user and
>>> cant be modified."
>>>  - Navigate back to user list (or press "Cancel")
>>>  - group-2-user tries to log on and gets HTTP 500: "No password decoder for"
>>>
>>
>> This one seems to be in the same ticket as the above one.
>>
>>
>>>
>>>
>>> *Issue 3:* No Recode of existing passwords Digest -> Strong PBE
>>>  - Passwords in users.xml aren't re-encoded going from "Digest" to
>>> "Strong PBE" (however going from "Strong PBE" to "Digest" does)
>>>
>>
>> I'm lost here, how does this happen? Changing the setting in the global
>> UI or is it something group specific too?
>> Also, what would be the expected behavior according to docs (if any)?
>>
>>
>>>
>>>
>>> *Issue 4:* Delete user not in different groups (unhandled exception)
>>>  - Log in to webGUI as group-1-user (GROUP_ADMIN)
>>>  - Check group-2-user and click "Remove Selected" and then confirm
>>>  - JavaScript "Do you want to leave this site.." warning appears, click "Leave"
>>>  - Get "Oops, something went wrong..." page
>>>
>>
>> Probably a separate ticket.
>>
>>
>>>
>>>
>>> *Issue 5:* Delete user not in any groups (maybe not a bug but seems strange)
>>>  - Log in to webGUI as group-1-user (GROUP_ADMIN)
>>>  - Check no-group-user and click "Remove Selected" and then confirm
>>>  - User is deleted
>>>
>>
>> Unsure, I've cc'ed who I believe is the original author(s) to get info on
>> the expected behavior. Rob, you could also check the documentation and see
>> if the behavior with anything declared there.
>>
> Yeah, I would say this is probably a bug. If I remember the original
> intention it was that a group admin should only be able to do things
> related to the group they are the admin of. So really that means just add
> and remove users from the group. Christian probably has a better
> recollection than I, though.
>
>> Cheers
>> Andrea
>


-- 
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
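
An added regression check (not part of the original thread and not GeoServer code) for the invariant that Issues 1, 2 and 5 break: a change a group admin is refused must leave the stored user untouched. `UserStore`, `admin_of` and the rule that a user in no group is out of every group admin's scope are assumptions for illustration; the thread does not identify the cause of the bug.

```python
import copy

class NotAdministered(Exception):
    """Raised when the actor does not administer every group of the target."""

class UserStore:
    """Toy in-memory user/group store (constructed; not GeoServer's API)."""

    def __init__(self, users, admin_of):
        self.users = users        # name -> {"enabled", "password", "groups"}
        self.admin_of = admin_of  # group admin name -> groups they administer

    def _authorize(self, actor, target):
        groups = self.users[target]["groups"]
        managed = self.admin_of.get(actor, set())
        # Assumption: a user in no group is outside every group admin's scope
        # (Issue 5), as is a user in any group the actor does not administer.
        if not groups or not groups <= managed:
            raise NotAdministered(f"{target} is not administered by {actor}")

    def save(self, actor, target, **changes):
        self._authorize(actor, target)         # 1. decide before touching state
        draft = copy.deepcopy(self.users[target])
        draft.update(changes)                  # 2. edit a detached copy
        self.users[target] = draft             # 3. commit only after success

    def delete(self, actor, target):
        self._authorize(actor, target)
        del self.users[target]

def sample_store():
    """The three users and two groups from the report (passwords constructed)."""
    users = {
        "group-1-user": {"enabled": True, "password": "pw1", "groups": {"group-1"}},
        "group-2-user": {"enabled": True, "password": "pw2", "groups": {"group-2"}},
        "no-group-user": {"enabled": True, "password": "pw3", "groups": set()},
    }
    return UserStore(users, admin_of={"group-1-user": {"group-1"}})

def denied_and_unchanged(store, action, actor, target, **changes):
    """True if the action is refused AND the stored users are untouched."""
    before = copy.deepcopy(store.users)
    try:
        getattr(store, action)(actor, target, **changes)
    except NotAdministered:
        return store.users == before
    return False
```

Pointing `denied_and_unchanged` at a real user/group service instead of the toy store gives a test that fails for the behaviour reported in Issues 1 and 2, where the error is shown but the change is still persisted.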
