Project

General

Profile

Actions
Copy link

Bug #7253

closed

unable to modify user in UI as it incorrectly states "Administrator cannot be removed from the last admin account"

Added by Thomas McKay over 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dominic Cleal
Category:
Authentication
Target version:
1.6.0
Difficulty:
Triaged:
Bugzilla link:
1133679
Pull request:
https://github.com/theforeman/foreman/pull/1749
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The bit of code in app/model/user.rb ensure_last_admin_remains_admin()

!new_record? && admin_changed? && !admin && User.unscoped.only_admin.except_hidden.size <= 1

evaluates (incorrectly) to true.

User.unscoped.only_admin.except_hidden.size = 1

Why is more than one admin required?

Actions
Copy link
 #1

Updated by Thomas McKay over 9 years ago

  • Bugzilla link set to 1133679
Actions
Copy link
 #2

Updated by Dominic Cleal over 9 years ago

  • Status changed from New to Feedback

Under what conditions is this a problem? Any user? Any non-admin user? When only one admin user is present? Please provide reproducer steps.

At least one admin is required to retain administrative level access, else recovery methods are required to regain access.

Actions
Copy link
 #3

Updated by Thomas McKay over 9 years ago

  • Status changed from Feedback to New

I have one admin and when I edit users in the UI, it errors due to that line preventing any modification of users.

Actions
Copy link
 #4

Updated by Dominic Cleal over 9 years ago

  • Target version set to 1.7.4
  • translation missing: en.field_release set to 22

Reproducer:

1. create a non-admin user via the API (or another means, not the UI)
2. ensure the admin field is nil, not false:

2.0.0-p353 :001 > User.find_by_login("wraptest5").admin?
 => false 
2.0.0-p353 :002 > User.find_by_login("wraptest5").admin
 => nil

3. as an admin, edit the non-admin user

This means "admin_changed?" results in true as it moves from nil to false, rather than false to true as the expression was intended to catch.

[1] pry(#<User>)> changes
=> {"admin"=>[nil, false], ...
Actions
Copy link
 #5

Updated by Dominic Cleal over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
  • translation missing: en.field_release changed from 22 to 10
Actions
Copy link
 #6

Updated by The Foreman Bot over 9 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/1749 added
  • Pull request deleted ()
Actions
Copy link
 #7

Updated by Dominic Cleal over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF