Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access denied #1114

Closed
techseria opened this issue Jun 12, 2019 · 2 comments
Closed

Access denied #1114

techseria opened this issue Jun 12, 2019 · 2 comments

Comments

@techseria
Copy link

We are getting access denied message for 2 menus though we are login as the admin user.

  1. Add Transmission
  2. Console
@jmiranda
Copy link
Member

You need to be a Superuser to access those menu items. We added the Superuser role because we needed to prevent access to sensitive features like these and to have a single role with the ability to delete database records.

There's a bug (although more of an intentional loophole) in the security code that allows a user with the Admin role to update their own user roles (as well as the user roles of others). Therefore, the admin user can upgrade their default user role to Superuser. I'm going to close this loophole in a future release, but I'll have a database migration to convert the admin user to Superuser before I make that change. The reason I didn't patch this earlier is because system administrators would need to make the user role change directly to the database, which I thought was less than appealing.

@techseria
Copy link
Author

We have fixed this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmiranda