Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Management: Admins Can Inadvertently Block Themselves Out. #203

Open
Samk13 opened this issue Apr 10, 2024 · 0 comments · May be fixed by inveniosoftware/invenio-users-resources#134
Open

User Management: Admins Can Inadvertently Block Themselves Out. #203

Samk13 opened this issue Apr 10, 2024 · 0 comments · May be fixed by inveniosoftware/invenio-users-resources#134
Labels
bug Something isn't working

Comments

@Samk13
Copy link
Member

Samk13 commented Apr 10, 2024
edited
Loading

Package version (if known): V12 latest

Describe the bug

Within the InvenioRDM Administration panel's User Management section, an admin has the ability to block their own account. This action immediately restricts access to the system for the admin, with no straightforward method available to revert this action from the UI. The only recourse is to contact a developer to manually restore access.

Steps to Reproduce

  1. Navigate to the Administration panel, under User Management.
  2. For your own admin user, click on the "Block" option.
  3. Observe that you are immediately logged out and blocked from accessing the system.

Expected behavior

Admin accounts should not have the option to block themselves.

Screenshots (if applicable)

Additional context
@Samk13 Samk13 added the bug Something isn't working label Apr 10, 2024
@Samk13 Samk13 changed the title Administration: Admins Can Inadvertently Block Themselves Out. User Management: Admins Can Inadvertently Block Themselves Out. Apr 10, 2024
Samk13 added a commit to Samk13/invenio-users-resources that referenced this issue Apr 26, 2024
@Samk13
moderation: add self-action prevention
6d9d9d2 
* Implement prevent_self_action decorator
* Prevent self-block, deactivate, impersonate
* Update tests for self-action prevention
* closes <inveniosoftware/invenio-administration#203>
@Samk13 Samk13 linked a pull request Apr 26, 2024 that will close this issue
Open
10 tasks
Samk13 added a commit to Samk13/invenio-users-resources that referenced this issue Apr 26, 2024
@Samk13
moderation: add self-action prevention
da26087 
* The problem is that an admin could block his own
  account. With this change it is possible to prevent
  the admin from doing that.
* Implement prevent_self_action decorator
* Prevent self-block, deactivate, impersonate
* Update tests for self-action prevention
* closes <inveniosoftware/invenio-administration#203>
Samk13 added a commit to Samk13/invenio-users-resources that referenced this issue Apr 30, 2024
@Samk13
moderation: add self-action prevention
b26d3c4 
* The problem is that an admin could block his own
  account. With this change it is possible to prevent
  the admin from doing that.
* Prevent self-action for: block, deactivate, impersonate, restore, activate and approve.
* Update tests for self-action prevention
* closes <inveniosoftware/invenio-administration#203>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

moderation: add self-action prevention Samk13/invenio-users-resources
1 participant
@Samk13