Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When an admin removes a user's access to a website, sending scheduled reports may fail #5943

Closed
mattab opened this issue Aug 7, 2014 · 1 comment
Assignees
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Aug 7, 2014

Reproduce:

  • create user
  • assign user to website 1
  • user creates a scheduled report for website 1
  • super user removes user access to website 1
  • run core:archive

It would result in following error (here for idreport=20): ScheduledReportsAPI.sendReport_20,ERROR: U kunt deze bron niet verwijderen omdat 'view' toegang is vereist

Goal of this ticket is to make scheduled task work, even though reports don't have necessary permissions.

More info: there are two solutions to this:

  • when user loses access to a website, we could delete the reports for this user and website,
  • or we could skip trying to send reports when a user does not have permission.

I think skipping reports is better solution, because in case the Super User deletes permission from user by mistake, then restores the permission, then user should still have his scheduled reports working.

@mattab mattab changed the title When an admin removes a user\' access to a website, scheduled reports for this When an admin removes a user's access to a website, sending scheduled reports may fail Aug 7, 2014
@mattab mattab added the Bug label Aug 7, 2014
@mattab mattab added this to the Piwik 2.5.0 milestone Aug 7, 2014
@tsteur
Copy link
Member

tsteur commented Aug 8, 2014

+1 for "when user loses access to a website, we could delete the reports for this user and website". It works like this already in several other plugins see http://developer.piwik.org/api-reference/events#usersmanagerdeleteuser and it should be already implemented in https://github.com/piwik/piwik/blob/master/plugins/ScheduledReports/ScheduledReports.php#L526

I'll have a look later

@tsteur tsteur self-assigned this Aug 8, 2014
tsteur added a commit that referenced this issue Aug 8, 2014
…he user has no longer access to this site. To make sure it works I added a usersManagerApiTest to verify whether an event is triggered in this case, and added a ScheduledReportsTest to make sure it listens to this event and that it only removes sites that belongs to the user/sites.
@tsteur tsteur closed this as completed Aug 8, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Development

No branches or pull requests

2 participants