Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-6361

Site-level permissions are deleted when permissions are edited and inherited permissions exist

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1, 2.3.2, 2.3.x, 2.4.0, 2.4.1, 2.5.0, 2.5.2, 2.5.3
    • Fix Version/s: 10.0
    • Labels:
      None

      Description

      When editing permissions on a site, if permissions are inherited from realms such as !site.helper, then site-level permissions that are masked by the inherited permissions are removed upon clicking the "save" button on the permissions editor.

      To duplicate, given a fresh Sakai installation:

      • login as admin
      • create a new user "user2"
      • create a new project site "site2"
      • add the resources tool
      • add user2 to site2 in the maintain role
      • login as user2
      • open site2
      • open resources tool
      • verify ability to list resources, add resources, etc
      • verify resources permissions: maintain role has all permissions
      • login as admin
      • open realms tool
      • open site2 realm
      • verify content.* permissions for "maintain" role in site2 realm
      • save realm permissions
      • open !site.helper realm
      • check "content.read" permission for "maintain" role
      • save realm permissions
      • login as user2
      • open site2
      • open resources tool
      • verify ability to list resources, add resources, etc
      • open permissions editor
      • verify "read" permission for "maintain" role has checkmark image, not checkbox
      • click "save"
      • login as admin
      • open realms tool
      • open site2 realm
      • verify "content.read" permission has been unchecked from "maintain" role

      Once this is done, if the !site.helper permission then goes away, the user will no longer have access to view the contents of the resources tool. I believe this is caused by the lack of corresponding HTML form fields for the inherited permissions. I was able to add hidden form fields corresponding to the inherited values to the HTML source of the permissions editor, and the permissions for the local site remained intact upon clicking "save".

      I have verified that this situation also occurs with the permissions editor on the Forms tool, but I have not tested any other tools for this behavior.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  buckett Matthew Buckett
                  Reporter:
                  daveadams David Adams
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration