New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check all 6 collections when select set as admin for 6 #4652
base: production
Are you sure you want to change the base?
Conversation
Triggered by 268443a on branch refs/heads/issue-2695b
There is an issue with the api, |
specifyweb/frontend/js_src/lib/components/Security/AdminStatusPlugin.tsx
Outdated
Show resolved
Hide resolved
Triggered by a600792 on branch refs/heads/issue-2695b
It seems the -- example for setting the new user, with ID 17, to admin
-- set_admin
INSERT INTO specifyuser_spprincipal (SpPrincipalId, SpecifyUserId)
SELECT spprincipalid, 17
FROM spprincipal
WHERE name = 'Administrator';
-- is_admin - return 1 if true, no results if false
SELECT 1
FROM specifyuser_spprincipal,
spprincipal
WHERE 17 = specifyuser_spprincipal.specifyuserid
AND specifyuser_spprincipal.spprincipalid = spprincipal.spprincipalid
AND spprincipal.name = 'Administrator'
LIMIT 1;
-- list_admins
SELECT specifyuserid, specifyuser.name
FROM specifyuser_spprincipal
JOIN spprincipal USING (spprincipalid)
JOIN specifyuser USING (specifyuserid)
WHERE spprincipal.name = 'Administrator';
-- get users_collections_for_sp6
SELECT DISTINCT c.usergroupscopeid, c.collectionname
FROM collection c
INNER JOIN spprincipal p
ON p.usergroupscopeid = c.usergroupscopeid
INNER JOIN specifyuser_spprincipal up
ON up.spprincipalid = p.spprincipalid
INNER JOIN specifyuser u
ON u.specifyuserid = up.specifyuserid
AND p.grouptype IS NULL
WHERE up.specifyuserid = 17; The other step after setting the user to Admin is to add the collections the user has access to via PUT api call to It seems that the problem in that call the specify7/specifyweb/context/views.py Lines 76 to 81 in c4f634c
Here are the sql statements that are made by the -- First delete the mappings from the user to the principals.
DELETE specifyuser_spprincipal
FROM specifyuser_spprincipal
JOIN spprincipal using (spprincipalid)
WHERE specifyuserid = 17
AND usergroupscopeid NOT IN ( 65536, 32768, 4 );
-- Next delete the joins from the principals to any permissions.
DELETE FROM spprincipal_sppermission
WHERE spprincipalid NOT IN (SELECT spprincipalid
FROM specifyuser_spprincipal);
-- Finally delete all the principals that aren't connected to
-- any user. This should just be the ones where the mappings
-- were deleted above.
DELETE FROM spprincipal
WHERE grouptype IS NULL
AND spprincipalid NOT IN (SELECT spprincipalid
FROM specifyuser_spprincipal);
-- Now to add any new principals. Which ones alerady exist?
SELECT usergroupscopeid
FROM spprincipal
JOIN specifyuser_spprincipal using (spprincipalid)
WHERE grouptype IS NULL
AND specifyuserid = 17;
-- Add a principal for collection ids that don't already exist
UPDATE spprincipal set usergroupscopeid = %s WHERE spprincipalid = %s;
INSERT specifyuser_spprincipal(SpecifyUserID, SpPrincipalID) VALUES (17, %s); I think this might of just been an oversight, so I'm adding an extra condition to that query statement to exclude Admin principals. We might want to design a more comprehensive solution, but this at least avoids removing the admin status. DELETE specifyuser_spprincipal
FROM specifyuser_spprincipal
JOIN spprincipal using (spprincipalid)
WHERE specifyuserid = 17
AND usergroupscopeid NOT IN ( 65536, 32768, 4 )
AND spprincipal.Name != 'Administrator'; -- added this condition There still seems to be an issue of the 'User Group' picklist being set to the old value, rather than 'Manager'. Looking at the I added |
Triggered by e979d0e on branch refs/heads/issue-2695b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing instructions
- go in security and accounts
- click on make admin button under specify 6 permissions
- open set collections under specify 6 permissions
==> verify that all collections are checked
==> verify that you can unchecked some collections and save
Looks good, all collections are checked.
hgMPNySDQM.mp4
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing instructions
- go in security and accounts
- click on make admin button under specify 6 permissions
- open set collections under specify 6 permissions
==> verify that all collections are checked
==> verify that you can unchecked some collections and save
All collections are checked when made into an admin and you can edit the selected collections and save. Looks good!
Fixes #2695
Checklist
and self-explanatory (or properly documented)
Testing instructions
==> verify that all collections are checked
==> verify that you can unchecked some collections and save