Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set
It seems that defining permission page-system-usermanager-passwordmg completely blocks users from accessing to the Authentication servers page of the user manager.
Steps for reproducing the issue :
- Create an user. Assign WebCfg - System: Authentication Servers , WebCfg - System: User Password Manager and WebCfg - Dashboard (all) to it. (WebCfg - Dashboard is not necessary, but it's better to have this permission for accessing the home page of pfSense)
- Log in as this user and try to access Authentication Servers page in the user manager.
- Enjoy :
It seems that I can still access this page by entering the correct url,
It's not a permission issue, rater a menu issue ("User Password" should display a menu showing "Authentication Servers" page).
#2 Updated by Jim Pingle 8 months ago
- Affected Version changed from 2.4.x to All
- Affected Architecture changed from amd64 to All
That page is hidden on purpose. You should only give users that permission if they do not have access to the user management page.
If a user can access the user manager, that page is not necessary.
This feels more like a user error with permission management to me.
We can work around that with changes similar to the PR, but the PR needs a change or two. Will leave comments there.