Possible bug 4.3.9 permissions

levitt1313 · 02-04-2018, 10:55 AM

When logging in as Admin and going to the manage users tab and trying to change the permissions of a user all radio buttons are disabled except for the administrator radio button meaning I can't remove any permissions and I can only add administrator . This is happening for all users with varying permission levels. I was able to change the permissions only by going directly to the permissions tab, clicking on a permission level and adding or removing users to the level.

**mudmin** · 02-04-2018, 12:44 PM

Can you try updating to the latest version? The oldest 4.3 I have installed is 4.3.10 and that one works fine for me.

Just pop these on in order. Just to be safe, do it when you're logged in and visit the admin dashboard in between each update. If it tells you to, run the database update script.

https://userspice.com/patch/439to4310.zip
https://userspice.com/patch/4310to4311.zip
https://userspice.com/patch/4311to4312.zip

**Brandin** · 02-04-2018, 01:05 PM

This has to do with the Permissions Restrictions setting we built. I have not had a chance to document it yet. Basically this allows you to give other people access (I have a User Management permission level) to create, modify, and edit users, but they only have access to take and give what they have.

Example:
Permission Levels are:
1. User
2. Admin
3. Super User
4. User Management

Bobby has levels 1, 3 and 4, so he can't add or remove Level 2 from anyone.

You all of the levels, so you can add or remove anyones.

I need to modify the code to allow someone in the master account array to always do this. I think this is a bug with hasPerm, that I've identified, so I definitely need to look into this further.

B.

**Brandin** · 02-04-2018, 01:29 PM

Nevermind it is just my bad code! I have a patch for this and it will go out in the next round. Note the patch only resolves the conflict for those in the master account array, since this isn't really a bug, its a safety feature that can be turned off in the ACP.

levitt1313 · 02-04-2018, 03:39 PM

Thanks guys for the quick reply. So Brandin are you saying that even if I update to the latest version I will still see the problem I am experiencing? The reason I ask is that I am using UserSpice to secure data behind the Federal Highway Administration's website I built for them and they get very nervous when I do updates to their site so unless a major security issue comes up I wait until a few updates come out before I bring the site up to date. I work for the Highway Safety Research Center at the University of North Carolina and use UserSpice any time I can. Smile

**Brandin** · 02-04-2018, 04:03 PM

You can disable this option, sorry I had mentioned that.

It's in the Admin Panel, under Site Settings, "Permission Restrictions". The issue of Master Accounts not being able to modify everyones permissions will be resolved, but otherwise it's not a bug, it's a feature Wink

Undocumented of course lol.

B.

levitt1313 · 02-04-2018, 04:13 PM

Just checked that setting and it already is set to disabled and nothing changes if I enable it or not all radio buttons except the administrator permission are read only still. This is for a user that has User permissions only so I can't add or remove any permissions except add administrator or remove administrator.

levitt1313 · 02-04-2018, 04:18 PM

Another odd thing is when logged in as Admin, I try to add permissions to myself they are also readonly.

**Brandin** · 02-04-2018, 05:14 PM

Now that, is a bug! Both of those actually. The second one you mentioned was the one I discussed I patched today. The other one, I just patched. I made the setting, and wasn't using it! We plan on deploying this Monday (hopefully!)

Login




Remember me Lost Password?