Cannot revoke Admin from user


(Wes Osborn) #1

Running version 0.9.9.7 via a Docker install and I’m attempting to clean-up our Discourse permissions before we roll out our Discourse install publicly. During the setup phase we had several users with Admin access to help facilitate the setup of the software. Now I’m trying to revoke that Admin access and it doesn’t seem to be working.

Here are the steps I’m taking:

  1. User logs out of Discourse
  2. Another admin user, pulls up their profile in: /admin/users
  3. Click on the Log Out button on the users profile page to make sure that they are forced out of all logged in sessions
  4. Click the Revoke Admin button
  5. Ask user to log back into Discourse
  6. When the login they still have access to the admin menu
  7. The other admin refreshes their profile page and the Admin flag has been changed back to true

I’ve checked /logs and I don’t see anything helpful there.

One other point worthing mentioning is that we do use SSO to logon our users, but I’ve checked and I don’t see any obvious way that would be impacting this scenario.


#2

Just curious. Can you change their trust levels and have that persist, or add/remove them as a moderator or is it just Admin revocation?


(Wes Osborn) #3

Great question!

I tested changing both of those and those changes did “stick”. So it looks like the only issue right now is with the Grant/Revoke of the Admin flag. I’ll try it with some other users later today just to make sure that it isn’t only with one account.


#4

There is a ‘not so great work around’ involving banning them ‘temporarily’ and have them use another account. that would depend on if they are valued.

If you are using the docker droplet discourse install and are fairly current/updated then you can cd /var/docker, do a git pull, then type ./launcher rebuild app. See this link for details

I suggest this because of the uptick in github commits by the devs in the last 2-3 days. So the logic is, if you rebuild it, it could shakes out whatever might be hanging and or maybe a patch will hit that particular section of code and straighten things out auto-magically.

Its not the greatest suggestion but a suggestion none-the-less

:smile:


(Sam Saffron) #5

revoke and grant admin definitely work on clean installs.

I wonder is the email address of that admin whitelisted in DISCOURSE_DEVELOPER_EMAILS in the container config?


(Sam Saffron) #6

Sorry, I am closing this as I have no repro and/or followup. @wesochuck flag this if you need it re-opened.


(Sam Saffron) #7