Help with user that is both an auditor and an admin

Issue #496 resolved
Scott Savarese created an issue

I configured LDAP to work, so users can login with their email address and password. In that configuration, I defined an auditor group and an admin group. My user is in both groups. I've found that when doing searches I only see the mail that I am a part of. I do not have full auditor rights. However, I do have full admin rights to the system.

If a user is part of both the admin and auditor groups, does one set of rights take preference over the other? I've confirmed that I am a member of the groups, and it looks like the webui does see me when it searches the groups.

Comments (5)

  1. Scott Savarese reporter

    Yeah... Would love a feature request such that we can have a user (me) in both groups, but for now I'll do my auditing with my personal account and my admin'ing with a admin@local account. Its more valuable to know that I did a search. I don't think I'll be making that many changes once it goes live.

  2. Janos SUTO repo owner

    Well, bitbucket is for feature requests, right? Try this:

    Edit config.php, and apply the following diff:

    diff --git a/webui/config.php b/webui/config.php
    index 7174baf..8c8c26b 100644
    --- a/webui/config.php
    +++ b/webui/config.php
    @@ -235,6 +235,8 @@ $config['MIN_PREFIX_LEN'] = 5;
     $config['CGI_INPUT_FIELD_WIDTH'] = 50;
     $config['CGI_INPUT_FIELD_HEIGHT'] = 7;
    
    +$config['ADMIN_CAN_POWER_SEARCH'] = 0;
    +
     $config['MEMCACHED_PREFIX'] = '_piler:';
     $config['MEMCACHED_TTL'] = 900;
    

    Then edit config-site.php, and add:

    $config['ADMIN_CAN_POWER_SEARCH'] = 1;
    

    And finally, apply this diff as well:

    index bfd05fb..e294d81 100644
    --- a/webui/system/misc.php
    +++ b/webui/system/misc.php
    @@ -56,6 +56,9 @@ function isAdminUser() {
     function isAuditorUser() {
        $session = Registry::get('session');
    
    +   if(ADMIN_CAN_POWER_SEARCH == 1 && Registry::get('admin_user') == 1) { return 1; }
    +
    +
        if($session->get("admin_user") == 2){ return 1; }
    
        return 0;
    
  3. Log in to comment