libretime icon indicating copy to clipboard operation
libretime copied to clipboard
verified publisher icon libretime

Admin user can remove their own administrator rights

Open gilsas opened this issue 7 years ago • 9 comments

Hi, I installed Libretime on a shared host for a friend and it all went well, ran flawless for weeks until yesterday - essentially the admin user seemingly lost administrator rights as I cannot access the settings anymore. It may originate from a bad move from the admin user himself downgrading his own privileges.. I tried reinstalling but it sure did not fix the problem, I guess the glitch is sunk deep in the PostgreSQL DB. This is a headless VM so postage is no easy option; phppgadmin would spoil my vhost... any suggestion welcome for an easy fix :-) Thanks!

gilsas avatar Jun 04 '18 20:06 gilsas

Ohh man, I guess this is probably a result of us removing Super admin. Seems like a bug. It could probably be fixed directly via pgsql commands. If you dropped the database and then reinstalled it would probably work as a super quick fix. This would of course also drop any tracks etc. I could look up and craft a command to fix this. Let me know if you want me to try to do this as I don't have a LibreTime development instance up right now.

I'm going to change the title of this too reflect the bug vs. the specific problem.

Robbt avatar Jun 05 '18 02:06 Robbt

Thank you Robb! I'll check with my friend if dropping the DB is acceptable otherwise I may get back to you - thank you so much for offering your help. I will also see if I do find an easy fix via pgsql commands and report back if succesful.

gilsas avatar Jun 05 '18 07:06 gilsas

I can confirm that as the admin user i was able to demote my own privileges. changes in my permissions did not happen until logging out and then in again.

@gilsas if you still need to edit your database, i'd try adminer. same functionality as phppgadmin, but in a single php file.

i'm re-labelling this issue as a part of some UI triage i'm doing. do we want to prevent users from demoting the last remaining admin level user? if not let's close this one.

frecuencialibre avatar Dec 27 '18 05:12 frecuencialibre

If you can connect to the database using psql you can set the admin flag on the admin user with the following SQL:

UPDATE cc_subjs SET type = 'A' WHERE login = 'admin';

To connect to the database as DB admin you can usually run psql through sudo like so:

sudo su - postgres -c 'psql airtime'

hairmare avatar Dec 27 '18 09:12 hairmare

This issue has been automatically marked as stale because it has not had activity in the last 5 months. It will be closed if no activity occurs in the next month. Please chat to us on discourse or ask for help on our chat if you have any questions or need further support with getting this issue resolved. You may also label an issue as pinned if you would like to make sure that it does not get closed by this bot.

stale[bot] avatar Oct 20 '19 20:10 stale[bot]

This is because the default admin created during the first install is only an admin A but not a superadmin.

To fix this we only need to set the user type to S for superadmin.

With a super admin you cannot delete the user:

image

jooola avatar Apr 29 '22 15:04 jooola

I think we should probably keep the superadmin role as the django api also has this "feature".

jooola avatar Apr 29 '22 15:04 jooola

Damn I should have read the entire ticket before posting. So the superuser role has been removed...

jooola avatar Apr 29 '22 15:04 jooola

Removing this from the 3.0.0 milestone, this will be handled once we rewrite the user management UI using django and Vue.

jooola avatar Jul 19 '22 14:07 jooola