This repository has been archived by the owner on Dec 3, 2019. It is now read-only.

Move subadmin middleware to app #16

Merged
merged 1 commit into from
Mar 29, 2018

DeepDiver1975
Contributor

No description provided.

@DeepDiver1975 DeepDiver1975 self-assigned this Mar 29, 2018
@DeepDiver1975 DeepDiver1975 added this to the development milestone Mar 29, 2018
@@ -0,0 +1,32 @@
<?php
/**
* Created by PhpStorm.
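
Review bot: The new file opens, directly after `<?php`, with the IDE template doc block (`* Created by PhpStorm.`) where the file header belongs. Replace it with the project's standard licence and copyright header so that this new 32-line file carries author and licence information instead of tool boilerplate.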

should have a standard ownCloud header?

@phil-davis
Contributor

Working from a UI POV:

  • login as admin, create auser in admin group, buser unpriv
  • login as auser, try to go to Users page, works. add a user, put in a group... - works.
  • login as buser, try to go to Users page, "access forbidden"

So unpriv users cannot get to the webUI users page.

Is the Users page using some different endpoint underneath? That would need to be checked to make sure that an unpriv user cannot POST transactions to that endpoint "manually".

Somehow we should run core API test features like auth and provisioning-v1 with the user_management app installed and enabled. That will confirm that user/group creation... still "behaves itself" when the user_management app is enabled.

@DeepDiver1975 DeepDiver1975 force-pushed the bugfix/no-access-to-unpriviledged-users branch from 78d568a to 85eb94c Compare March 29, 2018 12:17
@DeepDiver1975
Contributor Author

> Is the Users page using some different endpoint underneath? That would need to be checked to make sure that an unpriv user cannot POST transactions to that endpoint "manually".

the app has its own routes to interact with - see the routes.php file

@phil-davis
Contributor

As an admin, go to:

http://localhost:8080/index.php/apps/user_management/users

JSON of user data is returned.

Do the same as unpriv user => access forbidden

Good.
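
The direct-request check in the comment above, extended to the earlier concern about an unprivileged user sending a POST to the endpoint "manually", as an added example that is not part of the pull request or the project's code: it sends each HTTP method to the route as each account and lists any unprivileged request that is not refused with 403. The local stub server, the passwords, Basic authentication and the method list are assumptions made so the script runs offline; only the route and the account names come from the thread.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
PATH = "/index.php/apps/user_management/users"  # route quoted in the thread
METHODS = ("GET", "POST", "PUT", "DELETE")
# Constructed accounts mirroring the thread: auser is privileged, buser is not.
ACCOUNTS = {"auser": ("pw-a", True), "buser": ("pw-b", False)}

def basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in server: one privilege gate in front of every method."""
    def _gate(self):
        sent = self.headers.get("Authorization", "")
        ok = any(priv and sent == basic(u, pw) for u, (pw, priv) in ACCOUNTS.items())
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_PUT = do_DELETE = _gate
    log_message = lambda self, *args: None  # silence per-request logging

def status(base, method, user, password):
    """Send one request straight to the route (no UI) and return the HTTP status."""
    req = urllib.request.Request(base + PATH, data=b"", method=method,
                                 headers={"Authorization": basic(user, password)})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base):
    return {(u, m): status(base, m, u, pw)
            for u, (pw, _) in ACCOUNTS.items() for m in METHODS}

def leaks(results):
    """Requests from an unprivileged account that were not refused with 403."""
    return sorted(k for k, code in results.items()
                  if not ACCOUNTS[k[0]][1] and code != 403)

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit(f"http://127.0.0.1:{server.server_address[1]}")
    finally:
        server.shutdown()
        server.server_close()
```

`leaks(run_demo())` returns an empty list for the stub. When `audit` is pointed at a real server, confirm that a refused write was refused by the privilege check and not by some unrelated request validation.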

Contributor

@phil-davis phil-davis left a comment

works

@codecov-io

codecov-io commented Mar 29, 2018

Codecov Report

Merging #16 into master will increase coverage by 0.62%.
The diff coverage is 96%.

@@             Coverage Diff              @@
##             master      #16      +/-   ##
============================================
+ Coverage     77.22%   77.85%   +0.62%     
- Complexity      176      186      +10     
============================================
  Files            17       19       +2     
  Lines           729      754      +25     
============================================
+ Hits            563      587      +24     
- Misses          166      167       +1
Impacted Files                Coverage Δ            Complexity Δ
lib/SubadminMiddleware.php    100% <100%> (ø)       8 <8> (?)
lib/AppInfo/Application.php   83.33% <83.33%> (ø)   2 <2> (?)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update f91ab18...85eb94c.

@DeepDiver1975 DeepDiver1975 merged commit 92bd03a into master Mar 29, 2018
@DeepDiver1975 DeepDiver1975 deleted the bugfix/no-access-to-unpriviledged-users branch March 29, 2018 13:50
3 participants