Bug #5664
openRegression: When assigning permissions, cannot see own group in auto-complete without special conditions
0%
Description
Previously, if you are in group "A", and you own a project. When you try to assign permissions to project, group "A" is available for auto-complete.
Now, if you are not super-admin, do not have at least "Read" access to the group from some other group you also belong to, then when you try to assign your own group to a project, you will notice it is not available for selection at all in auto-complete. And it will clear itself out when you try to type the exact name before saving.
If the group owner tries to assign permission "Read" to its own group, the user gets an error message saying cannot assign group permission to the same group.
Right now, we are using workaround to use 2 groups instead of one for each group that can own a project, and we will have to manually add user of one group to its duplicate group when new users are added. Then with Group "B", I can assign "Read" to group "A", and if group "B" contains all members of group A, all members will now be able to add group A to the project.
Affected Version: 4.25.2 (not available for selection in this bug report page)
Files
Updated by Marcin Kuzminski [CTO] over 3 years ago
Hi Yechen,
Could you provide a bit more examples with screenshots from RhodeCode ? We're uncertain if we understand the problem completly
Updated by Yechen Qiao over 3 years ago
- File clipboard-202107281153-xzysa.png clipboard-202107281153-xzysa.png added
- File clipboard-202107281154-7kch2.png clipboard-202107281154-7kch2.png added
Hi,
In this screen, I as admin user, added my regular user in group "Testing_Two"
However, when I try to add this group to repo, it does not appear in auto-complete. So it auto-clears out when I hit enter.
On further investigation, it seems if I rename the group to "Testing" without underscore, this works. So perhaps it's the underscore that broke it?
Updated by Marcin Kuzminski [CTO] over 3 years ago
Hi,
So actually we've identified this is a permission cache problem. When someone creates a new user group the cache for permissions is invalidated for this person only, so others won't see this user group. The rename invalidates cache for all that have read permissions so that's why you see this group then.
We're going to fix this on the next release asap.
Updated by Redmine Integration over 2 years ago
- Status changed from New to Resolved
Commit ccc560750759
by RhodeCode Admin admin@rhodecode.com on default
branch changed this issue.
https://code.rhodecode.com/rhodecode-enterprise-ce/changeset/ccc5607507592723976bca23bab6b5af9ddaf8e1