Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

On save in /admin/user/theuser the YAML content access part is deleted for further users #1639

Closed
cyberlussi opened this issue Feb 20, 2019 · 3 comments
Closed

On save in /admin/user/theuser the YAML content access part is deleted for further users #1639

cyberlussi opened this issue Feb 20, 2019 · 3 comments
Assignees
@mahagr
Labels
bug

Comments

@cyberlussi
Copy link

Hi,

I created according to learn.grav a new user "theuser" on cmdline. As I like to have limited access for this user, I edited the yaml file and added

access:
  admin:
    login: 'true'
    pages: 'true'
    statistics: 'true'
  site:
    login: 'true'

This works fine for login and limited view in the admin plugin. But when opening /admin/user/theuser and just doing "Save", the yaml is cleaned too much. The complete "access" block is gone. The user cannot login any more.

Nevertheless, for the initially created admin user it seems to work on save. I am using v3.0.0-rc.3.
@cyberlussi
Copy link
Author

cyberlussi commented Feb 20, 2019
edited
Loading

A question came into my mind: Do I have to add (as the main admin user) "access" first to /admin/plugins/login > User Registration > Registration fields > Default values?!?

@mahagr
Copy link
Member

mahagr commented Mar 22, 2019
edited
Loading

@cyberlussi This issue should be fixed in the latest RCs, can you confirm?

@cyberlussi
Copy link
Author

@mahagr Well, I would say it is partly fixed.
When editing as admin another user, yes, the access part is maintained.
When editing as non-admin user the same user ("my profile"), no, the access part is removed.

So a non-admin user can still block himself for login when e.g. editing his e-mail. Somehow it makes a sence that a non-admin user should not be able to modify the access block, but his own assigned rights should be conserved - unmodified.

@mahagr mahagr self-assigned this Mar 26, 2019
@mahagr mahagr transferred this issue from getgrav/grav-plugin-login Mar 28, 2019
mahagr added a commit that referenced this issue Mar 28, 2019
@mahagr
Fixed lost user access when saving user profile without super user pe…
5c832dd 
…rmissions [#1639]
@rhukster rhukster added the bug label Apr 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mahagr mahagr

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mahagr @rhukster @cyberlussi