Bug 894910 - Admin users in zanata.properties do not take effect for existing users
Summary: Admin users in zanata.properties do not take effect for existing users
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Zanata
Classification: Retired
Component: Component-Logic
Version: development
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Damian Jansen
QA Contact: Zanata-QA Mailling List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-14 01:02 UTC by Sean Flanigan
Modified: 2014-03-24 04:03 UTC (History)
2 users (show)

Fixed In Version:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-24 03:46:25 UTC
Embargoed:


Attachments (Terms of Use)

Description Sean Flanigan 2013-01-14 01:02:24 UTC
Description of problem:
Admin users in zanata.properties do not take effect if the user has already been created.

Version-Release number of selected component (if applicable):
2.1.1-SNAPSHOT (20130114-1031)

How reproducible:


Steps to Reproduce:
1. Add user to zanata.security.roles.admin in conf/zanata.properties
2. Restart jboss
3. Log in as user
4. Look for Admin item in the menu bar
  
Actual results:
Admin is missing, user is not an admin.

Expected results:
Admin should be available, user should have admin rights.

Additional info:

Comment 1 Sean Flanigan 2013-01-14 02:33:15 UTC
The current behaviour is actually deliberate: in case the admin role is removed from a user in the UI, we wanted to ensure that the removal will be permanent.

However, there is a problem if the system administrator fails to assign an admin in zanata.properties before the user logs in.  In that case, it is no longer possible to make them an admin (other than editing the database directly).

We need to find a better way of handling this.

Comment 2 Ding-Yi Chen 2014-03-24 03:46:25 UTC
As zanata.properties is discomissioned, this bug is closed as WONTFIX.

If the functionality is desired,
Please modify the value of java:global/zanata/security/admin-users
in standalone.xml, like following:

<subsystem xmlns="urn:jboss:domain:naming:{namingVer}">
  <bindings>
   ....
    <simple name="java:global/zanata/security/admin-users" value="admin"/>
   ...
  </bindings>
  ...
</subsystem>

Comment 3 Sean Flanigan 2014-03-24 04:03:35 UTC
Whether the usernames come from zanata.properties or JNDI isn't that important, but the problem of granting admin access when there are no admin users is still there.


We do have a simple script which can help with this: 

https://raw.githubusercontent.com/zanata/zanata-scripts/master/makeZanataAdmin.groovy

When run, it can output the SQL required to make an existing user into an admin.


Note You need to log in before you can comment on or make changes to this bug.