aces
[---]new permission 500 error
Describe the bug 500 error when admin removes a permission for a user that it itself does not have.
- Remove a permission from the admin user by changing the userID value in the user_perm_rel to the ID of one of your users. Note that the admin user will still see this permission, unchecked.
- Now try removing the permission from the user and see the error message that ensues
Step-by-Step let's assume your user is userID = 3 in user_perm_rel
UPDATE user_perm_rel SET userID = 3 WHERE permID = 84 Go to your admin account permissions and you will see
- [ ] DICOM Archive: View DICOMs - Own Sites
(This command assumes userID 3 is a user that you created and that userID 1 is admin)
- Now go into your user account and you will see
- [x] DICOM Archive: View DICOMs - Own Sites
Now uncheck this permission
- [ ] DICOM Archive: View DICOMs - Own Sites
and hit Save
You will get a 500 Error
What did you expect to happen? I expected the permission to be removed and the screen to refresh properly.
This seems like a "stretch" but it is a problem when you add a new permission: if you don't add it to your admin in user_perm_rel (which in this case userID = 1), admin can still assign it.
So, either
- Admin MUST have all permissions checked (including an added one) so that when it removes them from users, there is no 500 error or
- if Admin does not have the permission, admin can not assign it.
Browser Environment (please complete the following information):
- OS: UBUNTU 24
- Browser : Mozilla Firefox 138.0.1
Server Environment (if known): Note: We only support the most recent release of LORIS.
- LORIS Version: [e.g. 22.0.0]
- Linux distribution and Version: [e.g. Ubuntu 16.04, CentOS 7]
- MySQL/MariaDB Version: [e.g. MySQL 5.7, MariaDB 10.3]
Additional context Related to [(https://github.com/aces/Loris/pull/9762)]
