Wekan

Wekan is an open-source kanban board (Trello-like) that allows card-based task and to-do management.

add user api ignores admin true parameter in body

Wekan/Bugs · April 9, 2020 at 10:29pm

Create a board with an owner. Owner is a member with admin: true.

Add a member and, as per the API, set action to add and isadmin to true. Added member is not an admin.

i.e., the new member added does not get the icon permitting archiving a board when you hover over the board.

If you look in Mongo you see an array of the two users, under the key Members.

The first item in that array is the one added to the board at board creation time as the owner, and isadmin is set to true.

The second member of the two-element Mongo array for that board is the added user, and isadmin is set to false.

In both cases no comment, comment only and worker are all set as false.

April 11, 2020 at 8:15pm

When you click the archive icon the board disappears. If you go to the archive tab, nothing is inside which this user can see. So you can archive a board but no permissions to delete the archived board.

In another browser I had the same thing open with the other owner user (the first admin for Wekan). He can see the archived board under the archived tab. It restores and it can be deleted. If restored, the other user can see it.

So the users collection IsAdmin true does provide some of the feature but not all of it.

It would appear that a member has no permissions to archive or delete even if the member isAdmin is set, and what you send via the API does not matter. The user's account determines if you can archive but not if you can actually delete, and that archived boards are not visible except to the owner or first admin for Wekan.

Thanks

I think users isAdmin does mean Wekan admin that has access to REST API and everything

Anyway, I need to think a lot and test before making any changes

so that I would not set wrong permissions

April 11, 2020 at 10:05pm

I will keep looking. I am getting closer :)

April 15, 2020 at 3:45pm

OK, well, I guess since the GUI and Mongo both show all members of a board as isAdmin in board and user collections and we still have a difference in behavior on deletions, and I cannot find anything in Mongo that supports that difference in behavior, it would appear then the only thing I can do is have one member and that member be the owner.

April 16, 2020 at 5:29pm

OK here is something I did not expect.

I made the owner the user member and I swapped that and made the former owner a member. The former owner is the FIRST admin that is created when you first install Wekan. And even though the isAdmin true is set in the user collections and the board collections, there is something special about that first admin.

and as I expected the owner of a board has full deletion rights

so when you make the system first admin just a member and you make a regular user isAdmin true in both collections the owner.....

BOTH can delete archive and then both can see the archived boards and restore them or delete them

I have no idea why the first admin has extended rights, but this is what is happening. I tested back and forth, creating a new board/swimlane/member/list/card set through the API and then using the GUI, going back with two browsers each logged in as the two users.

What I do not understand is where in Mongo (or other) those distinctions are saved (that the board owner is special), (that the first admin in the system is special).

April 16, 2020 at 7:22pm

I created issue/bounty about adding granular roles https://github.com/wekan/wekan/issues/3022

April 17, 2020 at 5:20pm

It seems that Keelan will be adding something to API https://github.com/wekan/wekan/issues/2096
