Bug 894910 - Admin users in zanata.properties do not take effect for existing users
Admin users in zanata.properties do not take effect for existing users
Status: CLOSED WONTFIX
Product: Zanata
Classification: Community
Component: Component-Logic (Show other bugs)
development
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Damian Jansen
Zanata-QA Mailling List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-13 20:02 EST by Sean Flanigan
Modified: 2014-03-24 00:03 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-23 23:46:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sean Flanigan 2013-01-13 20:02:24 EST
Description of problem:
Admin users in zanata.properties do not take effect if the user has already been created.

Version-Release number of selected component (if applicable):
2.1.1-SNAPSHOT (20130114-1031)

How reproducible:


Steps to Reproduce:
1. Add user to zanata.security.roles.admin in conf/zanata.properties
2. Restart jboss
3. Log in as user
4. Look for Admin item in the menu bar
  
Actual results:
Admin is missing, user is not an admin.

Expected results:
Admin should be available, user should have admin rights.

Additional info:
Comment 1 Sean Flanigan 2013-01-13 21:33:15 EST
The current behaviour is actually deliberate: in case the admin role is removed from a user in the UI, we wanted to ensure that the removal will be permanent.

However, there is a problem if the system administrator fails to assign an admin in zanata.properties before the user logs in.  In that case, it is no longer possible to make them an admin (other than editing the database directly).

We need to find a better way of handling this.
Comment 2 Ding-Yi Chen 2014-03-23 23:46:25 EDT
As zanata.properties is discomissioned, this bug is closed as WONTFIX.

If the functionality is desired,
Please modify the value of java:global/zanata/security/admin-users
in standalone.xml, like following:

<subsystem xmlns="urn:jboss:domain:naming:{namingVer}">
  <bindings>
   ....
    <simple name="java:global/zanata/security/admin-users" value="admin"/>
   ...
  </bindings>
  ...
</subsystem>
Comment 3 Sean Flanigan 2014-03-24 00:03:35 EDT
Whether the usernames come from zanata.properties or JNDI isn't that important, but the problem of granting admin access when there are no admin users is still there.


We do have a simple script which can help with this: 

https://raw.githubusercontent.com/zanata/zanata-scripts/master/makeZanataAdmin.groovy

When run, it can output the SQL required to make an existing user into an admin.

Note You need to log in before you can comment on or make changes to this bug.