Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

YALB-1554: Remove "Platform admin" from options for site admins when adding or managing site users #426

Merged
merged 4 commits into from
Sep 19, 2023
Merged

YALB-1554: Remove "Platform admin" from options for site admins when adding or managing site users #426

merged 4 commits into from
Sep 19, 2023

Conversation

dblanken-yale
Copy link
Contributor

@dblanken-yale dblanken-yale commented Sep 18, 2023
edited by codechefmarc
Loading

YALB-1554: Remove "Platform admin" from options for site admins when adding or managing site users

Description of work

  • Adds and enables role_delegation module
  • Sets up role_delegation to only allow site admins to set site admin permission levels
  • Update CAS bulk update form to use the role_deleagation module's settings to determine options to select from

Functional testing steps:

  • Log in as the admin
  • Open the same site in an Incognito window and log in as your own CAS user
  • On both sites, visit People
  • Take note of your CAS user's access level--it should be only Platform administrator; if not, please set it on the admin user account's page

Test adding non-CAS users

  • Do the following as your CAS user:
    • Click Add User in the upper right corner
    • Add in bogus data and ensure that on your logged in user side
    • Verify that you have two options available for roles, Platform administrator and Site administrator
    • Click submit and verify that the user you added has that role

Test adding CAS users

  • Do the following as your CAS user:
    • Click Add CAS user(s) in the upper right corner
    • Add gas users, but verify that currently you have two roles available to select from, Platform administrator and Site administrator
  • As your admin user:
    • Find your CAS username in the people list and edit
    • Unselect Platform administrator and ensure that Site administrator is selected and save.
  • As your CAS user:
    • Refresh the page; you should now only see Site administrator as the only role you can assign
    • Add any CAS users you can think of and submit
    • Verify that those users were added with the Site administrator role

NOTE: I noticed that each time our users log into the site via CAS, it gets the Platform administrator role. My assumption given the CAS group name used is that this does not happen for our users of the platform. If this is incorrect and any logged in CAS user gets this outside of our group, please let me know.

@dblanken-yale
feat(YALB-1554): add role_delegation module
63827f7
@dblanken-yale
feat(YALB-1554): enable role_delegation
b49b2f3
@dblanken-yale
feat(YALB-1554): set role_delegation permissions
0c15282
@dblanken-yale
fix(YALB-1554): bulk_add_cas_users respect role_delegate
2c60716 
The CAS module has a bulk add form which does not respect the role
delegation set in the role_delegegate module.  This overrides the
options for the role to only include those that they are allowed to set
specified by the role_delegate settings.
@dblanken-yale dblanken-yale self-assigned this Sep 18, 2023
@dblanken-yale dblanken-yale marked this pull request as ready for review September 18, 2023 15:50
@github-actions
Copy link

Visit Site

Created multidev environment pr-426 for yalesites-platform.

@codechefmarc
Copy link
Contributor

@dblanken-yale - I asked Vincent about this and he verified that by default, people get the "Site administrator" role, but we get "Platform admin" by default because we're all special devs. :)

codechefmarc
codechefmarc approved these changes Sep 18, 2023
View reviewed changes
Copy link
Contributor

@codechefmarc codechefmarc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This all worked for me - but I didn't add a CAS user that wasn't already on the site because I don't know a CAS username to add - if you have any examples I'm happy to test. But otherwise, all looked great to me. I've used role delegation in the past and it's really a good one. Approved!

@dblanken-yale
Copy link
Contributor Author

@codechefmarc Ah true, you can delete and attempt to re-add me if you'd like. I'm the db one. :D April was able to test also so I understand if you're moving on. :)

And thanks for checking with Vincent; I was in "image" mode during standup and forgot to ask. LOL

@dblanken-yale dblanken-yale merged commit 8173c1a into develop Sep 19, 2023
@dblanken-yale dblanken-yale deleted the YALB-1554-remove-platform-admin-from-options-for-site-admins-when-adding-or-managing-site-users branch September 19, 2023 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codechefmarc codechefmarc codechefmarc approved these changes

Assignees

@dblanken-yale dblanken-yale

Labels
pass code review pass functional review ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dblanken-yale @codechefmarc