Restricted administrators

vasek
2011-01-31
2013-05-14
  • vasek
    2011-01-31

    Hi Tom,
    thank you for writing this project, this is exactly what I was looking for. I need to delegate administration of parts of the repository to selected people, and your tool seems to be the only one capable of that.

    However, I am having some difficulty getting this to work. I hope it is just my misunderstanding of some concepts.

    * I have created a user "A" who can just add people and give them access rights
    * I have created a project where "A" is the responsible person

    Now, I have two problems:
    1. the user "A" can add users with full control over a repository. That way he can gain complete control over the administration. Can this be restricted so that users can only be given privileges lower than or equal to those of the one who is creating the user?
    2. the user "A" can modify access rights to all existing projects, even those where he is not the responsible person. Can access to project administration be restricted to "his" projects only?

    Thanks,
    Vasek


  • Thomas Krieger
    2011-02-01

    Hi,

    you are right, in the current version there's this problem. I'm currently working on a new version which will have LDAP support. This version will address this privilege escalation issue.

    Regards

    Thomas


  • vasek
    2011-02-01

    Hi,
    thanks for the quick answer. I have no experience with LDAP, so I cannot tell if it is the right solution.
    However, I think that the two problems I mentioned could be solved within the PHP code.
    I mean, when showing the add-user-form, we will limit the rights to those of the logged user.
    For the project administration, we display only projects where the logged user is in the responsible user list.
    Do you foresee any difficulty with that?

    If not, I can ask a colleague who knows PHP to have a look at it. If possible, we can scratch our own itch.
    Naturally, we would send all the patches to you.

    Best,
    Vasek
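The first of the two fixes proposed above, written out as an added example (this is not code from the tool discussed in this thread, and the function names are hypothetical). The rights "none" and "delete" appear in the thread; "read" and "write" in between are an assumption about the tool's access levels. The point is that the add-user form only offers rights at or below the acting user's own, and, because a form can be tampered with, the same ceiling is enforced again on the server before anything is written.

```php
<?php
// Added example, not the project's own code. Assumed ordering of rights:
// "none" < "read" < "write" < "delete" ("none" and "delete" come from the
// thread, "read"/"write" are assumed). Higher rank means more privilege.
const RIGHT_ORDER = ['none' => 0, 'read' => 1, 'write' => 2, 'delete' => 3];

/** Rights the acting user may grant: only those not exceeding his own. */
function grantableRights(string $actorRight): array
{
    if (!isset(RIGHT_ORDER[$actorRight])) {
        throw new InvalidArgumentException("unknown right: $actorRight");
    }
    $ceiling = RIGHT_ORDER[$actorRight];
    return array_keys(array_filter(RIGHT_ORDER, fn($rank) => $rank <= $ceiling));
}

/** Server-side check, run on submit, before the new user's right is stored. */
function assertGrantAllowed(string $actorRight, string $requestedRight): void
{
    if (!in_array($requestedRight, grantableRights($actorRight), true)) {
        throw new RuntimeException(
            "privilege escalation refused: '$actorRight' may not grant '$requestedRight'"
        );
    }
}

/** Render the <select> of the add-user form limited to the grantable rights. */
function renderRightsSelect(string $actorRight): string
{
    $html = '<select name="right">';
    foreach (grantableRights($actorRight) as $r) {
        $safe = htmlspecialchars($r, ENT_QUOTES);
        $html .= "<option value=\"$safe\">$safe</option>";
    }
    return $html . '</select>';
}

// Usage: delegated administrator "A" holds "write" on the repository.
echo renderRightsSelect('write'), "\n";   // offers none, read, write only
assertGrantAllowed('write', 'read');      // accepted
try {
    assertGrantAllowed('write', 'delete'); // refused even if posted by hand
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Filtering the form alone is not enough: the request parameter can be edited, so `assertGrantAllowed()` must run in the handler that saves the new user, not only when the form is drawn.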


  • vasek
    2011-02-12

    Sorry to bother you, I am quite lost now.
    Add access right gives me list of all projects on windows, but only list of projects with assigned responsible user on Linux.
    The same for editing of access rights.

    However, I tend to think that this is a mistake on Linux. Looking at the code in selectProject.php I see:

    if( $rightAllowed == "none" ) {
    } else {
            $tSeeUserid = -1;
    }

    I have it set to "delete", so I immediately get int(-1).
    Next,

    if( $tSeeUserid != -1 ) {
            $id          = db_getIdByUserid( $SESSID_USERNAME, $dbh );
            $tProjectIds = "";
            $query       = "SELECT * " .
                           "  FROM ".$schema."svn_projects_responsible " .
                           " WHERE (user_id = $id) " .
                           "   AND (deleted = '00000000000000')";
    } else {
            $tProjectIds = "";
            $query       = "SELECT * " .
                           "  FROM ".$schema."svn_projects_responsible " .
                           " WHERE (deleted = '00000000000000')";
    }

    So, as I read the logic here: if the user has rights > "none", he has access to everything, right?
    That's what I get on Windows.

    However, on Linux it works as I would like it to, despite the logic above.

    I am not experienced with PHP. Any help where this behaviour might come from is appreciated.


  • vasek
    2011-02-12

    Ouch, it has nothing to do with Linux. I had a different setup there. It works as badly as on Windows.

    I find the logic strange. What is the purpose of the "-1" user here?
    Why list projects to someone with "none" access rights? He should not be able to change them anyway, right?
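The second fix proposed earlier in the thread (show, and let the user edit, only the projects he is responsible for), written out as an added example against the selectProject.php excerpt quoted above. This is not the project's own code. The table name svn_projects_responsible, the `$schema` prefix, the `user_id` and `deleted` columns and the `'00000000000000'` value for "not deleted" are taken from the excerpt; the `project_id` column, the `$isGlobalAdmin` flag and the function names are assumptions. The `-1` sentinel that turned any right above "none" into "see everything" is gone: the query is always filtered by the logged-in user unless a full administrator is acting, and the same list is consulted again before an access-right change is saved, so a project id pasted into the form by hand is refused too.

```php
<?php
// Added example, not selectProject.php. Uses PDO prepared statements instead
// of concatenating values into the query string.

/** Project ids the user may administer: only those he is responsible for,
 *  unless $isGlobalAdmin (assumed flag for a full administrator) is set. */
function responsibleProjectIds(PDO $dbh, string $schema, int $userId, bool $isGlobalAdmin = false): array
{
    // A table prefix cannot be bound as a parameter; restrict it to a safe charset.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $schema)) {
        throw new InvalidArgumentException('bad schema prefix');
    }
    $sql    = "SELECT project_id FROM {$schema}svn_projects_responsible"
            . " WHERE deleted = '00000000000000'";
    $params = [];
    if (!$isGlobalAdmin) {
        $sql .= " AND user_id = :uid";
        $params[':uid'] = $userId;
    }
    $stmt = $dbh->prepare($sql);
    $stmt->execute($params);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

/** Re-check on submit: refuse edits to projects outside the user's list. */
function assertMayAdministerProject(PDO $dbh, string $schema, int $userId, int $projectId, bool $isGlobalAdmin = false): void
{
    if (!in_array($projectId, responsibleProjectIds($dbh, $schema, $userId, $isGlobalAdmin), true)) {
        throw new RuntimeException("user $userId is not responsible for project $projectId");
    }
}

// Self-contained demo on an in-memory SQLite database with constructed rows
// (project 3 is marked deleted by a non-zero timestamp).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE svn_projects_responsible (project_id INTEGER, user_id INTEGER, deleted TEXT)");
$dbh->exec("INSERT INTO svn_projects_responsible VALUES
            (1, 7, '00000000000000'), (2, 8, '00000000000000'), (3, 7, '20110212000000')");

print_r(responsibleProjectIds($dbh, '', 7));        // [1]: user 7, project 3 is deleted
print_r(responsibleProjectIds($dbh, '', 7, true));  // [1, 2]: full administrator sees all live projects
assertMayAdministerProject($dbh, '', 7, 1);         // accepted
try {
    assertMayAdministerProject($dbh, '', 7, 2);     // refused: user 8 is responsible for project 2
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

With this shape a user holding "none" simply gets an empty list, which answers the last question above: there is nothing to show someone who cannot change anything.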