[#10758] - Prevent Super User from demoting itself
- Fixed in Code Base
- 8 Jun 2016
- Medium
- Build: staging
- # 10758
- Diff
- roland-d:fix-superuser-change-superuser
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success JTracker/HumanTestResults Human Test Results: 3 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Summary of Changes
Currently it is possible as a super user to remove your own super user rights. This causes you to be locked out from your own site.
Testing Instructions
- Login to the administrator section as Super User
- Go to System -> Global Configuration -> Permissions
- Click on the Super Users tab
- Set the Super User option to Denied
- Success and you are locked out :)
- Fix the database so you can login by going to ID 1 in the assets table and set core.admin to {"8":1}
- Apply the patch
- Login to the administrator section as Super User
- Go to System -> Global Configuration -> Permissions
- Click on the Super Users tab
- Set the Super User option to Denied
- You are informed you cannot demote yourself and you stay logged in
Calling the troops @andrepereiradasilva and @infograf768
| Status | New | ⇒ | Pending |
| Milestone |
Added: |
||
joomla-cms-bot
- | Labels |
Added:
?
|
||
The error message I got was undefined
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10758.
@brianteeman are you using lates staging and refreshed the browser cache?
I have tested this item
Works as described.
Also can confirm jean-marie results.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10758.
It was staging from this morning. Will update again and retest
On 8 June 2016 at 18:09, andrepereiradasilva notifications@github.com
wrote:
I have tested this item
✅ successfully on 85836c6
85836c6Works as described.
Also can confirm jean-marie results.
This comment was created with the J!Tracker Application
https://github.com/joomla/jissues at issues.joomla.org/joomla-cms/10758
https://issues.joomla.org/tracker/joomla-cms/10758.—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#10758 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/ABPH8UaEAqmiuFAWy6UUVIf2iAZwVJDuks5qJvc8gaJpZM4IxHy3
.
Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/
I have tested this item
Took a LOT of cache refreshes but i got there in the nd
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10758.
BTW maybe we should add ScriptVersion to permission.js ...
| Status | Pending | ⇒ | Ready to Commit |
rtc. thanks.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10758.
| Labels |
Added:
?
|
||
wilsonge
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-06-08 21:51:38 |
| Closed_By | ⇒ | wilsonge |
| Labels |
Removed:
?
|
||
I have tested this item✅ successfully on 85836c6
This works fine for a SuperUser in Global as well as in component permissions.
Note: it does not work for other groups. For example a group with Administrator as parent trying to change his own permission gets a spin (js error) and no message.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10758.