fefrei
(Felix Freiberger)
February 25, 2016, 3:30pm
Steps to reproduce:
Have SSO set up.
Let a new user sign in, and specify that he is a moderator in the payload.
Expected results:
The user has exactly the same permissions as if he signed up and was instantly manually awarded moderator permissions.
Actual results:
The user is given the moderator flag, but is not added to the staff or moderator groups. This means that he cannot access categories requiring these permissions.
Here’s a screenshot of the user settings:
It looks like hitting Refresh on /admin/groups/automatic fixes this for already created users.
3 Likes
fefrei
(Felix Freiberger)
May 12, 2016, 4:55pm
The issue is still there in version v1.6.0.beta4 +161
The same effect occurs if an existing user is given moderator privileges by another SSO sign-in.
After snooping around in the code, could this be because SSO simply sets the flag and saves the user…
```ruby
    user.save!
    user.enqueue_welcome_message('welcome_user') unless suppress_welcome_message
  end

  custom_fields.each do |k,v|
    user.custom_fields[k] = v
  end

  user.ip_address = ip_address
  user.admin = admin unless admin.nil?
  user.moderator = moderator unless moderator.nil?

  # optionally save the user and sso_record if they have changed
  user.save!
  sso_record.save!

  sso_record && sso_record.user
end

private
```
…while the proper “grant moderation” action…
```ruby
# any user that is either a moderator or an admin
def staff?
  admin || moderator
end

def regular?
  !staff?
end

def grant_moderation!
  set_permission('moderator', true)
end

def revoke_moderation!
  set_permission('moderator', false)
end

def grant_admin!
  set_permission('admin', true)
end
```
…runs this refresh?
```ruby
  set_permission('admin', true)
end

def revoke_admin!
  set_permission('admin', false)
end

def save_and_refresh_staff_groups!
  transaction do
    self.save!
    Group.refresh_automatic_groups!(:admins, :moderators, :staff)
  end
end

def set_permission(permission_name, value)
  self.send("#{permission_name}=", value)
  save_and_refresh_staff_groups!
end
```
3 Likes
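The drift described in the two posts (flag set, automatic group membership not refreshed) is easy to see in a small in-memory model. The following is an added illustration, not Discourse's own code: it assumes a `User` with `admin`/`moderator` flags, automatic groups `:admins`, `:moderators` and `:staff` whose membership is derived from those flags but stored separately, a "buggy" path that only assigns the flag (the SSO behaviour quoted above) and a "fixed" path that assigns the flag and refreshes the groups in one step, plus a consistency check that reports the stale memberships an admin would otherwise only notice by hitting Refresh on `/admin/groups/automatic`.

```ruby
# Added example (not Discourse code): minimal model of flag/group drift.
require 'set'

class User
  attr_accessor :id, :admin, :moderator

  def initialize(id, admin: false, moderator: false)
    @id, @admin, @moderator = id, admin, moderator
  end

  # same rule as Discourse's staff?: admin or moderator
  def staff?
    admin || moderator
  end
end

# Automatic groups: membership is *derived* from user flags but *stored*
# separately, so it goes stale whenever a flag changes without a refresh.
class Group
  RULES = {
    admins:     ->(u) { u.admin },
    moderators: ->(u) { u.moderator },
    staff:      ->(u) { u.staff? },
  }.freeze

  @members = Hash.new { |h, k| h[k] = Set.new }

  class << self
    # Recompute membership of the named automatic groups from the flags.
    def refresh_automatic_groups!(users, *names)
      names.each do |name|
        rule = RULES.fetch(name)
        @members[name] = users.select { |u| rule.call(u) }.map(&:id).to_set
      end
    end

    def member?(name, user)
      @members[name].include?(user.id)
    end

    # Consistency check: every (user id, group) pair where the stored
    # membership disagrees with what the flags say it should be.
    def stale_memberships(users)
      RULES.flat_map do |name, rule|
        users.select { |u| rule.call(u) != member?(name, u) }
             .map { |u| [u.id, name] }
      end
    end

    def reset!
      @members.clear
    end
  end
end

# The SSO path as quoted in the post: assign the flag and save, nothing else.
# (Saving is a no-op in this in-memory model.)
def sso_set_moderator_buggy(user, value)
  user.moderator = value
  user
end

# The set_permission path: assign the flag, then refresh the automatic groups
# (in Discourse this happens inside one transaction).
def set_permission_fixed(users, user, permission_name, value)
  user.send("#{permission_name}=", value)
  Group.refresh_automatic_groups!(users, :admins, :moderators, :staff)
  user
end

if __FILE__ == $0
  users = [User.new(1), User.new(2)]
  Group.refresh_automatic_groups!(users, :admins, :moderators, :staff)
  sso_set_moderator_buggy(users[0], true)
  puts "stale after SSO path: #{Group.stale_memberships(users).inspect}"
  set_permission_fixed(users, users[0], :moderator, true)
  puts "stale after refresh:  #{Group.stale_memberships(users).inspect}"
end
```

Running the script shows the user reporting `staff?` as true while `:moderators` and `:staff` membership is still missing after the SSO-style update, and an empty stale list once the groups are refreshed; the `stale_memberships` check is the kind of audit worth running after any external identity provider is allowed to assign privileges.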