
Strange behaviour with user roles - administrators can not do anything

Hi,

I adopted an existing Vanilla forum for technical support. The version is 3.3. And now I have some strange behavior and want to ask for help:

We only have SSO login.

When I make a user an administrator, the userRole = 16 is set and I can see in the dashboard that this user is now an administrator.

But the user does not seem to have full administrator rights. The user cannot see the dashboard or edit comments from other users.

My admin user also has the flag Admin = 1 in the table GDN_User, so it is also a super admin. With this user I am able to access the dashboard and edit comments.


My question is:

Every user with roleId = 16 = administrator should be able to access the dashboard or edit comments - right?

Where can I look for the bug? Could it be a change in the database structure, I mean perhaps a migration error to version 3.3? I did not do the migration; I got the forum as I described.


Thanks for the help,

DaBonse

Comments

  • Check the permissions in the Role section of the dashboard. Your admins are only allowed what is shown there.

    Only the super admin has permission for everything.

  • "When I make a user an administrator, the userRole = 16 is set and I can see in the dashboard that this user is now an administrator."

    What facilitates your SSO? It appears you did this, but you may have to log out / in to make sure the role gets propagated to Vanilla.

    Also, roles are case sensitive, so 'administrator' does not match up to 'Administrator'.

    Donovan

  • DaBonse (edited December 2019)

    @R_J:

    I checked the permission section in the dashboard for administrator. I think everything is active there. But I did not find a specific setting for access to the dashboard.

    @donovanb:

    I use jsConnect for the SSO. SSO works. But I now also guess that the SSO overwrites the user roles with every login. I will check the other side of the SSO. Maybe this is the solution.

  • Do post your jsConnect code and let's take a look.

    jsConnect will not overwrite user roles, but maps to and uses it.

    If your linking code has inaccuracies then you'd get unexpected results with user roles.

  • I have removed the SSO transfer of any user roles to Vanilla, because this is an optional field and there is no need to transfer this information. In first tests, it seems to work correctly. I will investigate it a little bit longer, but I think this was the bug.
