Admins and permissions...gone AWOL

[hughstl]

Just thought I'd ask this here, in case anyone else has come across it (I've advised Al of this)....

 

As the installer and therefore super-user, I created another administrator.  After she'd logged in she got back to me saying she couldn't do this and that function (uploading, changing detail etc.)....and I thought I'd probably missed some permissions thing in setting her up.  Sure enough there was a permissions tab which I hadn't completed.  Accordingly I set permissions for her, saved and logged out.  She responded and said she was now able to carry out the previously missing functions.  All good.

 

However.... today she got in touch again saying she couldn't delete files in the file manager.  Again I thought maybe I hadn't checked a box in the permissions tab, so I logged back in and brought up her account and...... to my surprise and consternation, there was NO permissions tab anymore!  There were just 'General' and 'Overview' tabs.

 

I can't believe that as Super User I can't log in and see one of my administrators' settings, including permissions to carry out admin functions.  And surely this can't be a 'single shot' affair where you only get one chance to set permissions?.....surely?

 

If it is, it's the only PHP script I've installed (and I've installed a lot of forums, blogs, CMS and other such scripts) where the super-user loses control of his administrators!

 

Hugh

[bsmither]

Here is my thought (not verified): since Charlotte is a Super-User (indicated by a green check), there is no relevance to having a permissions tab.

 

That said, when you first created Charlotte's account, we would like to know if Charlotte was made a Super-User at that time. If so, then from what I just said, the Permissions tab would not have shown.

 

That said, it may be the case where, if not a Super-User when created, once you gave permission for everything, CC5 made Charlotte into a Super-User. (But that sounds unlikely to me.)

 

Try unchecking Charlotte's Super-User status, Save, then look again at the settings.

[hughstl]

Thanks for reply bsmither.

 

You're right, it looks as though she is a super-user - but she was never created as one , I'm pretty sure I wouldn't do that! - although your logic about the tab not showing if she was a super-user is quite plausible.  But I'm sure I didn't create her as one.

 

I followed your advice to uncheck the super-user status, save, and then look at the settings again.  Sure enough the permissions tab reappears.

 

So I go into permissions and fix her ability to delete files in the file manager and save her permissions - saving then takes me back to the list of administrators page.  I click Charlotte's name again, just to check all's well, and you know what....she's a super-user again!

 

Something is going wrong with administrator status when saving permissions.

[Dirty Butter]

Tested on both our 5.14 stores, with the same result. Disabled a Super User and saved. Gave partial permission and saved. Opened Admin again and shows as back to Super User. Must be a bug.

[bsmither]

Ok, good to know. Gives me something to do today.

[bsmither]

Issue #205 created.

[bsmither]

In the file /admin/sources/settings.admins.inc.php, near line 47:

Was:
if ($record['super_user'] == '0' && $count <= 1) {
 
Now:
if ($record['super_user'] == '0' && $count <= 1 && Admin::getInstance()->superUser() && (int)$_POST['admin_id'] === (int)Admin::getInstance()->getId()) {

This denies the ability to demote an admin to non-super_user as long as there is only one super_user and that that super_user is not trying to demote himself.