Help with user that is both an auditor and an admin
Issue #496
resolved
I configured LDAP to work, so users can login with their email address and password. In that configuration, I defined an auditor group and an admin group. My user is in both groups. I've found that when doing searches I only see the mail that I am a part of. I do not have full auditor rights. However, I do have full admin rights to the system.
If a user is part of both the admin and auditor groups, does one set of rights take preference over the other? I've confirmed that I am a member of the groups, and it looks like the webui does see me when it searches the groups.
Comments (5)
-
repo owner
-
repo owner
- changed status to resolved
I assume the answer makes sense.
-
reporter
Yeah... Would love a feature request such that we can have a user (me) in both groups, but for now I'll do my auditing with my personal account and my admin'ing with a admin@local account. Its more valuable to know that I did a search. I don't think I'll be making that many changes once it goes live.
-
repo owner
Well, bitbucket is for feature requests, right? Try this:
Edit config.php, and apply the following diff:
diff --git a/webui/config.php b/webui/config.php index 7174baf..8c8c26b 100644 --- a/webui/config.php +++ b/webui/config.php @@ -235,6 +235,8 @@ $config['MIN_PREFIX_LEN'] = 5; $config['CGI_INPUT_FIELD_WIDTH'] = 50; $config['CGI_INPUT_FIELD_HEIGHT'] = 7; +$config['ADMIN_CAN_POWER_SEARCH'] = 0; + $config['MEMCACHED_PREFIX'] = '_piler:'; $config['MEMCACHED_TTL'] = 900;Then edit config-site.php, and add:
$config['ADMIN_CAN_POWER_SEARCH'] = 1;And finally, apply this diff as well:
index bfd05fb..e294d81 100644 --- a/webui/system/misc.php +++ b/webui/system/misc.php @@ -56,6 +56,9 @@ function isAdminUser() { function isAuditorUser() { $session = Registry::get('session'); + if(ADMIN_CAN_POWER_SEARCH == 1 && Registry::get('admin_user') == 1) { return 1; } + + if($session->get("admin_user") == 2){ return 1; } return 0; -
reporter
Awesome! It works nicely.
- Log in to comment
Yes, exactly. The either admin or auditor role can be applied to the given user.