Page MenuHomeIn-Portal Phabricator

INP-1876 - Verify system settings access permissions before allowing to change them
AcceptedPublic

Authored by alex on Oct 3 2024, 8:26 AM.

Details

Reviewers
erik
Test Plan
  1. in 1st browser:
    1. login to Admin Console as root user
    2. go to the ConfigurationUsersGeneral section
    3. enable the Advanced User Management system setting
    4. save changes
    5. confirm, that:
      • settings were saved
      • no error has happened
      • the User ManagementGroups section became available
    6. go to the User ManagementGroups section
    7. edit the admin group
    8. remove the permission to view/edit the ConfigurationWebsiteGeneral section
    9. save changes
    10. go to the ConfigurationWebsiteGeneral section
    11. inspect input for the Website name system setting and remember it's name HTML attribute value
  2. in 2nd browser:
    1. login to Admin Console as any administrator user (not the root)
    2. go to the ConfigurationWebsiteAdvanced section
    3. confirm, that you can't see the ConfigurationWebsiteGeneral section
    4. inspect the input of the Default Design Template system setting
    5. change its name HTML attribute value to the above remembered one (from the Website name system setting)
    6. save changes
    7. confirm, that:
      • settings were saved
      • no error has happened
  3. in 1st browser:
    1. go to the ConfigurationWebsiteGeneral section
    2. confirm, that Website name system setting wasn't changed
    3. confirm, that:
      • settings were saved
      • no error has happened

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 1288
Build 1288: arc lint + arc unit

Event Timeline

alex created this revision.Oct 3 2024, 8:26 AM
alex requested review of this revision.Oct 3 2024, 8:26 AM
alex edited the test plan for this revision. (Show Details)Oct 3 2024, 8:47 AM
alex added a project: Restricted Project.
erik accepted this revision.Oct 3 2024, 9:53 AM

Test by plan is passed, but, to have Groups section visible, with root user go to Configuration->Users-General section, press Save button - and got "Exception: Permission section not specified for prefix conf in w:\SVN\5.2.x\core\kernel\utility\event.php on line 439"

This revision is now accepted and ready to land.Oct 3 2024, 9:53 AM
alex planned changes to this revision.Oct 3 2024, 10:40 AM
In D486#9799, @erik wrote:

Test by plan is passed, but, to have Groups section visible, with root user go to Configuration->Users-General section, press Save button - and got "Exception: Permission section not specified for prefix conf in w:\SVN\5.2.x\core\kernel\utility\event.php on line 439"

Reopening for fixing, because this error is happening for root user on every configuration page save attempt.

alex edited the test plan for this revision. (Show Details)Oct 3 2024, 11:07 AM
alex edited the test plan for this revision. (Show Details)
alex updated this revision to Diff 1246.Oct 3 2024, 11:09 AM

Fixed fatal error on system setting saving for the root user.

This revision is now accepted and ready to land.Oct 3 2024, 11:09 AM
alex requested review of this revision.Oct 3 2024, 11:12 AM
erik accepted this revision.Oct 3 2024, 11:21 AM
This revision is now accepted and ready to land.Oct 3 2024, 11:21 AM