Red Hat Bugzilla – Bug 894910
Admin users in zanata.properties do not take effect for existing users
Last modified: 2014-03-24 00:03:35 EDT
Description of problem: Admin users in zanata.properties do not take effect if the user has already been created. Version-Release number of selected component (if applicable): 2.1.1-SNAPSHOT (20130114-1031) How reproducible: Steps to Reproduce: 1. Add user to zanata.security.roles.admin in conf/zanata.properties 2. Restart jboss 3. Log in as user 4. Look for Admin item in the menu bar Actual results: Admin is missing, user is not an admin. Expected results: Admin should be available, user should have admin rights. Additional info:
The current behaviour is actually deliberate: in case the admin role is removed from a user in the UI, we wanted to ensure that the removal will be permanent. However, there is a problem if the system administrator fails to assign an admin in zanata.properties before the user logs in. In that case, it is no longer possible to make them an admin (other than editing the database directly). We need to find a better way of handling this.
As zanata.properties is discomissioned, this bug is closed as WONTFIX. If the functionality is desired, Please modify the value of java:global/zanata/security/admin-users in standalone.xml, like following: <subsystem xmlns="urn:jboss:domain:naming:{namingVer}"> <bindings> .... <simple name="java:global/zanata/security/admin-users" value="admin"/> ... </bindings> ... </subsystem>
Whether the usernames come from zanata.properties or JNDI isn't that important, but the problem of granting admin access when there are no admin users is still there. We do have a simple script which can help with this: https://raw.githubusercontent.com/zanata/zanata-scripts/master/makeZanataAdmin.groovy When run, it can output the SQL required to make an existing user into an admin.