@mattab opened this Issue on January 21st 2014 Owner

The feature to be able to have several Super Users is becoming more important, and many users have requested it in the forums and in #2589

Tasks:

  • Create superAdmin permission. The superAdmin permission is equivalent to the currently "superUser" in terms of power.
  • The user stored in the config file has always superAdmin permission.
  • Code: change all calls to checkUserIsSuperUser to: checkUserHasSuperAdmin permissions, setUserIsSuperUser becomes setUserHasSuperAdmin, checkUserIsSuperUserOrTheUser -> checkUserIsTheUserOrHasSuperAdmin
  • Add / update unit tests

Note:

  • the Super User stored in the config file will never lose its super admin capability. But other users with SuperAdmin permission can lose it
  • The UI for setting Super Admin permission is out of scope, it is covered in #2589
@tsteur commented on January 22nd 2014 Owner

In e4b425b9757abc94749dae6d37884a18a3be3919: refs #4564 #2589 added possibility to define multiple superusers

@tsteur commented on January 22nd 2014 Owner

In 743d7b8ac1a9840c11ef1956efe068d1cf062c85: refs #4564 #2589 do not allow to edit a users websites permissions if user is superuser. Reload page after successfully changing superuser permission to make sure it is afterwards possible to (edit / not edit) websites permissions

@tsteur commented on January 22nd 2014 Owner

In 265f4b9e1949250b2758b11bc1db0ffd546fe6e2: refs #4564 #2589 we need a small difference between superUser and configSuperUser

@tsteur commented on January 23rd 2014 Owner

In 743b92dd23a5c930c2d30f998a2dd0e96e22401c: refs #4564 some more fixes for config super user

@tsteur commented on January 23rd 2014 Owner

In bdb696724e36a72616f6cb19445ba770efab1422: refs #4564 restrict sites to login for all non super users

@tsteur commented on January 23rd 2014 Owner

In bda7796e8ffa5a75ef69d21dce5af74c04d29777: refs #4564 also check for the config user

@tsteur commented on January 23rd 2014 Owner

In 81e7f870124d2356c1784355e54fb4716901dfec: refs #4564 introducing new methods to make user a user has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

@tsteur commented on January 23rd 2014 Owner

In df54712a053b8ea326b2389a245de2a4b35fa4f7: refs #4564 introducing some more new methods for has superuser access. Old methods will still work but are marked as deprecated and they will be removed in a future release

@tsteur commented on January 23rd 2014 Owner

In cae8ff419eaee54f80c60beccec55755e2902421: refs #4564 added test to make sure the deprecated methods will be there as promised and removed afterwards

@tsteur commented on January 23rd 2014 Owner

In d8a69b158d6a5eff45e20e88b71fc2097fa9ee9d: refs #4564 fixed some permission issues and removed the todo tags

@tsteur commented on January 23rd 2014 Owner

In ff36d5e7b348bb995d8c604806389d4a304b5ad1: refs #4564 added missing method again to not break API and fix tests

@tsteur commented on January 23rd 2014 Owner

In ea48bbab88bfacd148d917411f90911b887ea59b: refs #4564 added db update (version number needs to be changed later probably) and renamed more methods

@tsteur commented on January 23rd 2014 Owner

In 71bf5fed434bbc93a1eaedccdb43f33c9419c473: refs #4564 added column superuser access

@tsteur commented on January 23rd 2014 Owner

In 0ffbe10c2ac6ed050724ef9db9796a320cb60896: refs #4564 fix sql

@tsteur commented on January 23rd 2014 Owner

In 57a182442f9f1e581434445fc3b63a4a4454a061: refs #4564 fix adding anonymous user is not possible

@tsteur commented on January 23rd 2014 Owner

In 838fea85adcfd80dab85f19a5c026de6b9b1d21c: refs #4564 fixing tests

@tsteur commented on January 23rd 2014 Owner

In 1c51265ecb93d2a6e0b4838da1e75f6a6bb800cb: refs #4564 deprecate some more methods

@tsteur commented on January 23rd 2014 Owner

In e3515a5aec5166a0e6d33b2157ec42c8068133ed: refs #4564 simplified login tests

@tsteur commented on January 23rd 2014 Owner

In 5d14a67b8e55d2f306b690333749cf0b4da8b89b: refs #4564 added some Login tests to make sure a user with super user access will be authenticated as super user

@tsteur commented on January 23rd 2014 Owner

In 8892cce8937536322555a36ae912ce255275664c: refs #4564 improved readability of the test

@tsteur commented on January 23rd 2014 Owner

In 0a2e2d37e2cc7beb29d17f0529592a45be6d25d5: refs #4564 added some more test cases and removed some obsolete comments

@tsteur commented on January 23rd 2014 Owner

In 67202fce8298ee2d28242b33a5ba6b0f0aa28756: refs #4564 whitespace

@tsteur commented on January 23rd 2014 Owner

In 91defb41ce804743a3fd378a6dcab1f6036af6ef: refs #4564 some more tests, also grepped for different superuser terms and updated some test names

@tsteur commented on January 24th 2014 Owner

In ee5aba1f4cb88f01bf8239f585d54aefd58b8460: refs #4564 fix tests

@tsteur commented on January 24th 2014 Owner

current status of #2589 and #4564 and #4582

It should work so far. As discussed user role is "SuperUser" not "SuperAdmin". Once a superUser role is set you "lose" all previous custom access because you gain permission to everything anyway. Updated/Added tests, renamed methods, added UI. Also tested whether scheduled tasks still work and looks good.

Needs to be done:

  • Update documentation
  • In blog post inform about deprecated methods which will be removed in the future

I have some changes in the submodules but haven't committed them to keep it simple. It should work though but haven't tested it.

@tsteur commented on January 27th 2014 Owner

In da54aa431dbfab269fb21cafa489e37132c3a0e9: refs #4564 some bugfixes, documentation and tests

@tsteur commented on January 27th 2014 Owner

In e6133ac7e147e40701d98ff79d0e2a8c4f27d6ed: refs #4564 skipping languagesManager test to fix build

@tsteur commented on January 27th 2014 Owner

In 08f33b6b9a6f5f9572befbc5718fa683e241a232: refs #4564 deprecated method was used

@tsteur commented on January 27th 2014 Owner

In e6daa616920d667fb40be3d8f72a94581484d15c: refs #4564 add superuser before running the ui tests

@mattab commented on January 28th 2014 Owner

In 92c88a3e04ba69739c948cce6b609eb0b4127273: 2.0.4-b5 including schema change for Super Use access refs #4564

@mattab commented on January 28th 2014 Owner

In e012b22f224c84b751e949b458627ebe30a4dca9: Prevent notice on the Upgrade screen when triggering 2.0.4-b5 refs #4564

@mattab commented on January 28th 2014 Owner

In f81dcbc39466293c02d24f979f618734dfd00448: Capitalizing Super User for consistency refs #4564

@tsteur commented on January 28th 2014 Owner

In 0dab4f583114eb48bf9c697effe58ffcba6f70e1: refs #4564 faster check in case user is the current user

@tsteur commented on January 28th 2014 Owner

In dabec290e2f1544704df399f17bff41896b19904: Merge pull request #212 from piwik/multi_superuser

refs #4564 #2589 support for multi superuser

@tsteur commented on January 28th 2014 Owner

In b9e667fad1b6c026b84618866a7200684071a6a3: refs #4564 password has to be at least 6 characters

@tsteur commented on January 28th 2014 Owner

In fb6775bfa355fac48b6a82a114d196437da8c69f: refs #4564 added method to not break api

@tsteur commented on January 29th 2014 Owner

In 88bca63cb80a87e22da1f1accb587b06c840ce14: refs #4564 throw a updateErrorException in case of any exception during the update

@tsteur commented on January 29th 2014 Owner

In f3865117b0069b836567b862147b071b50ea43b9: refs #4564 avoid possible failure during update because of missing permissions -> Get the option value of delegated management directly

@tsteur commented on January 29th 2014 Owner

In 8d313b018e3e37a1bc556369bb909d265493d457: refs #4564 cleanup and make sure a new user does not get super user access

@tsteur commented on January 29th 2014 Owner

In 9e20f5aae2482dd9c51ab5b2b5d07014a8e0561d: refs #4564 fix method names

@tsteur commented on January 30th 2014 Owner

In 0e6ec5d9a0d3405ea32001ab57bf2a293c462f7b: refs #4564 fixes Login\Auth not found when generating Visits

@mattab commented on January 30th 2014 Owner
@mattab commented on January 30th 2014 Owner

Well done Thomas!!

@tsteur commented on January 30th 2014 Owner

In 0e366abbeaed369664267ecb50a204d1b1b937d1: refs #4564 instead of moving the option entry -> copy it. Makes sure the superuser still sees the configured phone numbers after migration

@tsteur commented on January 31st 2014 Owner

In 7250284dd1c24637e5a4416c047af05e66951d42: refs #4564 get the superuser from database

@tsteur commented on January 31st 2014 Owner

In ac7731074c83c97d0583addb326640c808dd85a8: refs #4564 fix import logs and archive.sh did no longer work because there is no longer a superuser in the config. Read directly the tokenauth of any superuser from a generated file instead. The updatetoken.php will create a file containing the needed token in tmp/cache which will not be served by default (on apache). Also the script contains directly an exit to avoid execution or anything from the browser or cli

@tsteur commented on January 31st 2014 Owner

In a3611382c2a59de50e3d11a69ae74ec1b6630727: refs #4564 test whether import_logs.py script can find the token_auth automatically

@tsteur commented on January 31st 2014 Owner

In 4bc46c347e19bc032861aa37cf903a250f247a78: refs #4564 we have to get the token from the piwik_tests database

@tsteur commented on January 31st 2014 Owner

In d4839f17e784e981d8c6b80082cf726e19cd3601: refs #4564 it does not accept a parameter

This Issue was closed on February 9th 2014
Powered by GitHub Issue Mirror