Project

General

Profile

Actions

Bug #3454

closed

Acknowledge all notices is presented to users who do not have privilege

Added by Phillip Davis over 7 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Dashboard
Target version:
Start date:
02/15/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

I have local users that are just for OpenVPN authentication. They just have access to the System: User Password page, so they can change their password as needed. I was changing this for myself, and happened to get a system notice about AutoConfigBackup (not particularly relevant what the notice is). It gave me the "Acknowledge All Notices" prompt. When I clicked on it, the notices area on the top-right blanked out, but was not replaced by the usual bit with the name of the router, and some error message was displayed, of which I could see just the last line - "document.location.href = 'https://nco-rt-01.net.inf.org//system_usermanager_passwordmg.php';" - see the screen shot.
The notice does not get acknowledged, because I suppose the user does not have the privilege to acknowledge notices.
Possible solution: only present the "Acknowledge" button to users that have enough privilege to use it.
Also think about whether to even present the "Unread notices" at all to users with restricted privs. Certainly for users that have just the change password page, then I don't really want them to see system notices. But users with "view all" privs I do want to see system notices, but they may not be able to acknowledge them - what are the real requirements for that?


Files

UserPassword.png (32.4 KB) UserPassword.png Phillip Davis, 02/15/2014 11:12 PM
Actions #1

Updated by Phillip Davis almost 5 years ago

Bug fix PR https://github.com/pfsense/pfsense/pull/3319

I will raise another feature issue to discuss what could be done for users who maybe should not be able to see and/or clear notices.

Actions #2

Updated by Phillip Davis almost 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Phillip Davis almost 5 years ago

The changes here fix this bug report.
For a followon feature request to implement control of view/clear notices see:
https://redmine.pfsense.org/issues/7051

Actions #4

Updated by Renato Botelho almost 5 years ago

  • Status changed from Feedback to Resolved
Actions #5

Updated by Jim Pingle over 4 years ago

  • Target version set to 2.3.3
Actions

Also available in: Atom PDF