@sgiehl opened this Issue on February 7th 2022 Member

When editing the permissions for a user, it is currently always possible in the UI to add capabilities.
But if the users doesn't have any access to a certain site, the API request for adding the capability does nothing, but still returns success.

This is somehow unexpected, as the API should throw an exception if adding a capability isn't possible. And also the UI shouldn't show the capability selection in that case.

Throwing an exception can easily be added here:
https://github.com/matomo-org/matomo/blob/d17b842d09fa3726f2fee7c203601d6895d14bad/plugins/UsersManager/API.php#L1206-L1226

Hiding the selection box can be achieved by adding something like v-if="userRole !== 'noaccess'" here:
https://github.com/matomo-org/matomo/blob/1dd8569ba0279843b9e7b96f5712d34605530fbe/plugins/UsersManager/vue/src/CapabilitiesEdit/CapabilitiesEdit.vue#L37-L46

@tsteur this one should be quite easy to fix. Let me know if I should quickly set up a PR to fix that.

@tsteur commented on February 7th 2022 Member

Makes sense, put it in 4.9 as it's quick to do. If super quick feel free to do it in 4.8

Powered by GitHub Issue Mirror