allow admin user to copy dashboards #13605
Conversation
tsteur
added
not-in-changelog
plugins/Dashboard/API.php
Outdated
| } | ||
|
|
||
| if (!$userFound) { | ||
| throw new \Exception(Piwik::translate('Cannot copy dashboard to user %s, user not found or user does not have access to same site.', $copyToUser)); |
There was a problem hiding this comment.
Guess this should be moved to a translation key, or the Piwik::translate can be removed
There was a problem hiding this comment.
didn't create translation key similar to the end of the API method where it is also not translated as when triggered through the UI this cannot happen... will remove the piwik translate
|
Testing locally it seems that even for an admin user it shows the entire list of users in the "Copy dashboard to user" modal. Think this is a security risk. |
|
I tested locally here and it didn't. Did you test if the users you see are in the same sites as the admin user? |
|
I had a single site every user had access to, w/o that site it works (though some users still result in the "Cannot copy dashboard to user" error; they probably don't have access to the site). |
|
When every user has access to this site, and the user is an admin user, then the user can see all the other users. That's expected. I just tested here again and it works as expected. As admin users you can see all other users that have access to the same site. say you have
Then you are allowed to see a list of all users that have access to site 1, 4 and 5. The method |
|
Some test failures, otherwise looks good to merge & works locally |
|
Fixed the test 👍 |
fix #13567