Project

General

Profile

Bug #5664

Regression: When assigning permissions, cannot see own group in auto-complete without special conditions

Added by Yechen Qiao 3 months ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
14.07.2021
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

Previously, if you are in group "A", and you own a project. When you try to assign permissions to project, group "A" is available for auto-complete.

Now, if you are not super-admin, do not have at least "Read" access to the group from some other group you also belong to, then when you try to assign your own group to a project, you will notice it is not available for selection at all in auto-complete. And it will clear itself out when you try to type the exact name before saving.

If the group owner tries to assign permission "Read" to its own group, the user gets an error message saying cannot assign group permission to the same group.

Right now, we are using workaround to use 2 groups instead of one for each group that can own a project, and we will have to manually add user of one group to its duplicate group when new users are added. Then with Group "B", I can assign "Read" to group "A", and if group "B" contains all members of group A, all members will now be able to add group A to the project.

Affected Version: 4.25.2 (not available for selection in this bug report page)


Files

#1

Updated by Marcin Kuzminski [CTO] 2 months ago

Hi Yechen,

Could you provide a bit more examples with screenshots from RhodeCode ? We're uncertain if we understand the problem completly

#2

Updated by Yechen Qiao 2 months ago

Hi,


In this screen, I as admin user, added my regular user in group "Testing_Two"


However, when I try to add this group to repo, it does not appear in auto-complete. So it auto-clears out when I hit enter.

On further investigation, it seems if I rename the group to "Testing" without underscore, this works. So perhaps it's the underscore that broke it?

#3

Updated by Marcin Kuzminski [CTO] 2 months ago

Hi,

So actually we've identified this is a permission cache problem. When someone creates a new user group the cache for permissions is invalidated for this person only, so others won't see this user group. The rename invalidates cache for all that have read permissions so that's why you see this group then.
We're going to fix this on the next release asap.

Also available in: Atom PDF