Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce new User permission: Super User Access #4564

Closed
mattab opened this issue Jan 21, 2014 · 49 comments
Closed

Introduce new User permission: Super User Access #4564

mattab opened this issue Jan 21, 2014 · 49 comments
Assignees
Labels
Critical Indicates the severity of an issue is very critical and the issue has a very high priority. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Jan 21, 2014

The feature to be able to have several Super Users is becoming more important, and many users have requested it in the forums and in #2589

Tasks:

  • Create superAdmin permission. The superAdmin permission is equivalent to the currently "superUser" in terms of power.
  • The user stored in the config file has always superAdmin permission.
  • Code: change all calls to checkUserIsSuperUser to: checkUserHasSuperAdmin permissions, setUserIsSuperUser becomes setUserHasSuperAdmin, checkUserIsSuperUserOrTheUser -> checkUserIsTheUserOrHasSuperAdmin
  • Add / update unit tests

Note:

  • the Super User stored in the config file will never lose its super admin capability. But other users with SuperAdmin permission can lose it
  • The UI for setting Super Admin permission is out of scope, it is covered in Add Support for Multiple Superusers #2589
@tsteur
Copy link
Member

tsteur commented Jan 22, 2014

In e4b425b: refs #4564 #2589 added possibility to define multiple superusers

@tsteur
Copy link
Member

tsteur commented Jan 22, 2014

In 743d7b8: refs #4564 #2589 do not allow to edit a users websites permissions if user is superuser. Reload page after successfully changing superuser permission to make sure it is afterwards possible to (edit / not edit) websites permissions

@tsteur
Copy link
Member

tsteur commented Jan 22, 2014

In 265f4b9: refs #4564 #2589 we need a small difference between superUser and configSuperUser

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 743b92d: refs #4564 some more fixes for config super user

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In bdb6967: refs #4564 restrict sites to login for all non super users

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In bda7796: refs #4564 also check for the config user

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 81e7f87: refs #4564 introducing new methods to make user a user has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In df54712: refs #4564 introducing some more new methods for has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In cae8ff4: refs #4564 added test to make sure the deprecated methods will be there as promised and removed afterwards

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In d8a69b1: refs #4564 fixed some permission issues and removed the todo tags

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In ff36d5e: refs #4564 added missing method again to not break API and fix tests

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In ea48bba: refs #4564 added db update (version number needs to be changed later probably) and renamed more methods

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 71bf5fe: refs #4564 added column superuser access

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 0ffbe10: refs #4564 fix sql

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 57a1824: refs #4564 fix adding anonymous user is not possible

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 838fea8: refs #4564 fixing tests

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 1c51265: refs #4564 deprecate some more methods

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In e3515a5: refs #4564 simplified login tests

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 5d14a67: refs #4564 added some Login tests to make sure a user with super user access will be authenticated as super user

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 8892cce: refs #4564 improved readability of the test

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 0a2e2d3: refs #4564 added some more test cases and removed some obsolete comments

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 67202fc: refs #4564 whitespace

@tsteur
Copy link
Member

tsteur commented Jan 23, 2014

In 91defb4: refs #4564 some more tests, also grepped for different superuser terms and updated some test names

@tsteur
Copy link
Member

tsteur commented Jan 24, 2014

In ee5aba1: refs #4564 fix tests

@tsteur
Copy link
Member

tsteur commented Jan 24, 2014

current status of #2589 and #4564 and #4582

It should work so far. As discussed user role is "SuperUser" not "SuperAdmin". Once a superUser role is set you "lose" all previous custom access because you gain permission to everything anyway. Updated/Added tests, renamed methods, added UI. Also tested whether scheduled tasks still work and looks good.

Needs to be done:

  • Update documentation
  • In blog post inform about deprecated methods which will be removed in the future

I have some changes in the submodules but haven't committed them to keep it simple. It should work though but haven't tested it.

@tsteur
Copy link
Member

tsteur commented Jan 27, 2014

In da54aa4: refs #4564 some bugfixes, documentation and tests

@tsteur
Copy link
Member

tsteur commented Jan 27, 2014

In e6133ac: refs #4564 skipping languagesManager test to fix build

@tsteur
Copy link
Member

tsteur commented Jan 27, 2014

In 08f33b6: refs #4564 deprecated method was used

@tsteur
Copy link
Member

tsteur commented Jan 27, 2014

In e6daa61: refs #4564 add superuser before running the ui tests

@mattab
Copy link
Member Author

mattab commented Jan 28, 2014

In 92c88a3: 2.0.4-b5 including schema change for Super Use access refs #4564

sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
…super user access will be authenticated as super user
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
…missing permissions -> Get the option value of delegated management directly
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
…akes sure the superuser still sees the configured phone numbers after migration
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
…k because there is no longer a superuser in the config. Read directly the tokenauth of any superuser from a generated file instead. The updatetoken.php will create a file containing the needed token in tmp/cache which will not be served by default (on apache). Also the script contains directly an exit to avoid execution or anything from the browser or cli
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
sabl0r pushed a commit to sabl0r/piwik that referenced this issue Sep 23, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Critical Indicates the severity of an issue is very critical and the issue has a very high priority. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Projects
None yet
Development

No branches or pull requests

2 participants