Loading...
 
Skip to main content

Trackers, Permission; Permission and tracker properties options are unsafe and need improvements (what about editing?)

Status
Open
Subject
Trackers, Permission; Permission and tracker properties options are unsafe and need improvements (what about editing?)
Version
master
25.x
26.x
Category
  • Feature request
  • Consistency
  • Conflict of two features (each works well independently)
Feature
Trackers
Permission
Resolution status
Confirmed
Submitted by
Bernard Sfez / Tiki Specialist
Lastmod by
Bernard Sfez / Tiki Specialist
Rating
(0)
Description

On a Tiki25, I create a tracker with a username selector to be the owner of the items.

In the tracker properties, I set "User can see his own items".

User can see his own items
The tracker needs a user field with the item-owner activated. No extra permission is needed at the tracker permissions level to allow a user to see just his own items through Plugin TrackerList with the param view=user


And so, user can see his items and I can unassigned any tracker global permission.

I also set Restrict non admins to wiki page access only

Restrict non admins to wiki page access only
Only users with admin tracker permission (tiki_p_admin_trackers) can use the built-in tracker interfaces (tiki-view_tracker.php and tiki-view_tracker_item.php). This is useful if you want the users of these trackers to only access them via wiki pages, where you can use the various tracker plugins to embed forms and reports.


So I understand that only Admins can use the tracker interface.

And it is working fine.

However, if I need user to update their existing items using a modal in a plugin List (tracker-update) or inline-editing format the user see a permission denied.

I have to assign to the group the permission can change item (tiki_p_modify_tracker_items) and this allows users to edit his items on a plugin list.

But now;

  • Restrict non admins to wiki page access only as no more effect. (user sees the tracker interface (/trackers | list, the tracker content | /tiki-view_tracker.php?trackerId=xx and /itemxx | the tracker item)
  • They can edit any items (other users)


Which is pretty bad because it just cancelled:

  1. User can see his own items
  2. Restrict non admins to wiki page access only


There may be more with the tracker field additional permissions and other workaround, but this is just digging deeper and deeper.

In my point of view, it should be possible for an admin to set that user cannot see the tracker interface and can see/edit only their own items quickly (in the tracker properties) without risking display to one user items of another.

Importance
7
Easy to solve?
5
Priority
35
Demonstrate Bug on Tiki 19+
This bug has been demonstrated on show2.tiki.org
 Accessing the Tiki instance that demonstrates this bug

The URL for the show2.tiki.org instance that demonstrates this bug is at: http://bsfez-11581-8274.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".

For the install log, see http://bsfez-11581-8274.show2.tiki.org/info.txt

Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.

 Snapshots

Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.

Snapshots can be accessed at: http://bsfez-11581-8274.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".

Create new snapshot
Demonstrate Bug (older Tiki versions)
Please demonstrate your bug on show.tikiwiki.org
 About show.tikiwiki.org

To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.

Version: Create show.tikiwiki.org instance
Ticket ID
8274
Created
Wednesday 21 December, 2022 06:13:34 GMT-0000
by Bernard Sfez / Tiki Specialist
LastModif
Wednesday 21 December, 2022 07:05:02 GMT-0000

Attachments

 filenamecreatedhitscommentversionfiletype 
No attachments for this item


Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Accounting
Administration
Ajax
Articles & Submissions
Backlinks
Banner
Batch
BigBlueButton audio/video/chat/screensharing
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution
Cookie
Copyright
Credits
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Diagram
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Docs
DogFood
Draw -superseded by Diagram
Dynamic Content
Preferences
Dynamic Variable
External Authentication
FAQ
Featured links
Feeds (RSS)
File Gallery
Forum
Friendship Network (Community)
Gantt
Group
Groupmail
Help
History
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
jQuery
Kaltura video management
Kanban
Karma
Live Support
Logs (system & action)
Lost edit protection
Mail-in
Map
Menu
Meta Tag
Missing features
Visual Mapping
Mobile
Mods
Modules
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Packages
Payment
PDF
Performance Speed / Load / Compression / Cache
Permission
Poll
Profiles
Quiz
Rating
Realname
Report
Revision Approval
Scheduler
Score
Search engine optimization (SEO)
Search
Security
Semantic links
Share
Shopping Cart
Shoutbox
Site Identity
Slideshow
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
Syntax Highlighter (Codemirror)
Tablesorter
Tags
Task
Tell a Friend
Terms and Conditions
Theme
TikiTests
Federated Timesheets
Token Access
Toolbar (Quicktags)
Tours
Trackers
TRIM
User Administration
User Files
User Menu
Watch
Webmail and Groupmail
WebServices
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives
WYSIWTSN
WYSIWYCA
WYSIWYG
XMLRPC
XMPP




Useful Tools