#1327 (ok 4.4) Hide 'Add user' link if user does not have privileges

[pb30]

If user does not have necessary privileges, hide the 'Add user' or 'Edit user' links

[Marc Delisle]

To which phpMyAdmin are you referring?
With the current 3.4.9 version, a user in the situation you describe does not see the "Privileges" link.
If you are describing a bug, please give more details about how to create this problematic user who is seeing these links.

[pb30]

Tested on version 3.4.9, using signon for auth_type, MySQL 5.0.51a

I'm using the following to allow a generic staff user to view all users, but it cannot add/edit users (however the add/edit links still appear).

GRANT SELECT ON `mysql`.* TO 'staff'@'localhost';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `%`.* TO 'staff'@'localhost';

[Marc Delisle]

Thanks. Indeed, the current test that is done to determine if the person is a super user is to try a SELECT on mysql.user.

[Sameera Kannangara]

Problem of showing 'Add user' or 'Edit user' links for unprivileged users is fixed at [1]
Please review provided fix.

[1] https://github.com/phpmyadmin/phpmyadmin/pull/276

[Sameera Kannangara]

[Sameera Kannangara]

Think the 'Edit user' links in the "Users overview" page should also be removed for unprivileged users.
Shall I report this as a seperate feature-request or should this be added to this request?

[Sameera Kannangara]

feature request added for above scenario at [1]

[1] https://sourceforge.net/p/phpmyadmin/feature-requests/1420/

[anr]

Is it resolved?

[Marc Delisle]

No, see the next page of this ticket.

[Isaac Bennetch]

Is this resolved, then?

[Marc Delisle]

Isaac,
no, the pull request had been closed by the submitter.

[Madhura Jayaratne]

Fixed with https://github.com/phpmyadmin/phpmyadmin/commit/177b1101053e9520dc19fd0a31db7bff56995066