We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Securiety User Role Label & Permissions Bug | Forum

idea
idea Jun 11 '12
Dear,
Recently updated my site www.ikbc.in to available latest software version 1.3.2 here I found a bug which was not in previous version. i'm unable to toggle (uncheck) the default label if users through "change role"button. keeping Securiety point in mind we set different type of user role label for a user in our site. if a new user registers himself at I our site, the new profile will be halted / restricted to use until moderator check and approve that new registered profile. Now after this update moderator is unable to uncheck/toggle and hence change default label. suppose moderator approves profile and moderator want to change the "by default" profile label "pending verification" (the label which have restricted permissions to access and use site) to "verified" profile the label which have full access to the site.
And second bug which is similar to the above ( toggling / check / uncheck) roles of moderators.
these bugs are serious and must have to be updated. Dear,
Recently updated my site www.ikbc.in to latest software version 1.3.2 here I found p
Attachments:
  2012-06-11 14.37.01.jpg (264.68Kb)
  2012-06-11 14.36.29.jpg (731.23Kb)
  2012-06-11 14.41.25.jpg (316.44Kb)
Michael I.
Michael I. Jun 20 '12
It is impossible to uncheck the default role since leaving members without roles at all is non logical.

What I recommend is to disable all services for default role and create a new one with those services available. Once member is approved he would receive that second role. Wouldn't this work for you?

idea
idea Jun 20 '12
Ya it didn't work dear...
I think you didn't properly viewed attachment provided..I'd created separate roles with different kind of access permission but as you stated if we keep default role checked, and it can't be editable then what will be the security law applied to that specific profile even if we check/apply that profile a new role..?
idea
idea Jun 22 '12
ohh moved to 1.4 with out resolving ?!
Michael I.
Michael I. Jun 22 '12
I don't understand your site concept. Let's say you have two roles - default (no services available) and approval (everything available). So what is the big deal of giving Approval role only to those profiles that are allowed to access the site?


We are not going to enable default role deletion in any of the upcoming builds since that would allow admins to have members without roles at all.


Specify your request if you believe I misunderstood it.

idea
idea Jun 22 '12
yes you didn't got my point dear..

practically try it..

*suppose a site having two {more} roles considering sites policy /norms..

*user sends joining request..

*user get's default "role label" - say " pending verification"..

*"pending verification" label have restricted "role permissions" for accessing site...

*admin/moderator inspects user profile for complying norms of site..

*admin/moderator found profile complying norm and changes "role label" - "pending verification" [restricted permission] to "verified" "role label" [full access permissions]..

*but what happens that as admin/moderator can't able to "toggle" the "default role label" the new user will not have the updated "verified" "role label" on his profile [look at that user he will have the same "pending verification" label role even after moderator changed the role label to "verified" "role label" also as the user have "pending verification" role label he is restricted to access the site]


got it? hope now i m able to make you understand...




idea
idea Jun 25 '12
no updates..!? 
Michael I.
Michael I. Jun 25 '12
Need to discuss it with our developers first. Will get back to you soon.
idea
idea Jun 26 '12
Thank you but it's not that light thing that any Webmaster can override this serious bug.. That any new user can easily have full access of site or a webmaster each time change the default role to approve any user.
idea
idea Jul 2 '12
any outcome..??!!
Michael I.
Michael I. Jul 2 '12
Will let you know when we have any updates. You can subscribe to new posts in this thread.
idea
idea Jul 14 '12
ok ..

but there should be a proper and perfect bug tracker i think{suggest}..

Michael I.
Michael I. Jul 18 '12
I spoke to our developers and they said that user roles should stack if you give multiple roles to the same member. So, if one role has no permissions and the other has all permissions, member will have all permissions when he is give both roles. Doesn't it work this way for you? If it doesn't, provide me with your Admin Area access details.
idea
idea Sep 9 '12
i think you didn't got the point yet..
Michael I.
Michael I. Sep 13 '12
I did get your point, and telling you that the way Oxwall user roles work is a proper way.
idea
idea Nov 11 '12
i don't agree with you..

please do go through this video of my site with oxwall software.. 

and think what is necessity of updation of bug of user roles..

#"Pn. Vrf" label have limited permission to access my oxwall powered site..

#"Pn.vrf." label is set to be default for each new registered user so that to have limited access to the oxwall powered site for security purpose.

#"Vrf" label have full access to oxwall powered site.. (the label changed/updated to each user after admin approval and changing user role, by removing"Pnvrf" and applying "Vrf")

#also there are several bugs like - when i'd set "user role permission" as "pen vrf" and given this label permission to see and read "blogs" and "links" but surprisingly it dosn't allow to view to "PnVrf" registered user, but at other side guest can read and see "blogs" and "links"...!


http://youtu.be/zX-uUxUBXE4



The Forum post is edited by idea Nov 11 '12
Alia Team
Alia Nov 12 '12
Idea, have you updated your software to the most recent version?
As I have understood, the main problem is that when your change the user role permissions are not being updated? Can you check in the new version and let me know the results.
idea
idea Nov 12 '12
yes i have latest version and the video is of same version issue..