Mahara

Admin should not be allowed to delete themself via admin bulk delete

Bug #1574941 reported by Robert Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Unassigned
Mahara 16.10.0

Bug Description

Currently it is possible to go to Administration -> Users and select some users, including yourself, and then bulk delete them.

The system should do at least these two checks:

1) Make sure the users you are deleting do not include the user you are logged in as / masquerading as
2) Make sure the users you are deleting leave at least one site admin on the site

Otherwise you can end up with pain

Revision history for this message
Robert Lyon (robertl-9) wrote :

preferably leave the site admin that is called 'admin' at user id= 1 if that exists

Kristina Hoeppner (kris-hoeppner)
Changed in mahara:
milestone: none → 16.10.0
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6937

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/6938

Revision history for this message
Niranjan (niranjan528) wrote :

I can still delete the user that is logged in.

Tested in Mahara 16.04 and 16.10.

Revision history for this message
Niranjan (niranjan528) wrote :

Tested this on both Mahara 16.04 and 16.10 and it looks fine on all browsers( ff, edge, chrome) except safari. I will create a new bug for it.

Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

Ideally, there is no checkbox next to the administrator that is currently logged in to prevent any potential issues from the start.

Changed in mahara:
status: Confirmed → In Progress
Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/6937
Committed: https://git.mahara.org/mahara/mahara/commit/9811cb7ad860067fc386e9da5112e42719ab19b4
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 9811cb7ad860067fc386e9da5112e42719ab19b4
Author: Robert Lyon <email address hidden>
Date: Wed Sep 7 15:35:32 2016 +1200

Bug 1574941: Getting tab nav to remember open tab

When there is an error in the form.

Adjusted the setupTab to handle two different type of tab setups

behatnotneeded

Change-Id: I00d6c6199a9103858efea15e964d59ea1a94f519
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6938
Committed: https://git.mahara.org/mahara/mahara/commit/2bac8857760b9b1aaa7b98ee9d869bf83e854e9f
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 2bac8857760b9b1aaa7b98ee9d869bf83e854e9f
Author: Robert Lyon <email address hidden>
Date: Wed Sep 7 16:14:33 2016 +1200

Bug 1574941: Adding bulk delete validation

To avoid:
1) Bulk deleting all users - by checking if you
are deleting yourself.
2) Bulk deleting all the site admins - which can happen if you are an
institutional admin and the site admin(s) are in the same institution

behatnotneeded

Change-Id: I4c33d9e54f14e688897275066d2ee128557d4465
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7170

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/7170
Committed: https://git.mahara.org/mahara/mahara/commit/0b05116a36b42ad2ec1f4f5f9e5a857259e66d68
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 0b05116a36b42ad2ec1f4f5f9e5a857259e66d68
Author: Robert Lyon <email address hidden>
Date: Wed Sep 7 15:35:32 2016 +1200

Bug 1574941: Getting tab nav to remember open tab

When there is an error in the form.

Adjusted the setupTab to handle two different type of tab setups

behatnotneeded

Change-Id: I00d6c6199a9103858efea15e964d59ea1a94f519
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 9811cb7ad860067fc386e9da5112e42719ab19b4)

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.10_STABLE" branch: https://reviews.mahara.org/7171

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/7171
Committed: https://git.mahara.org/mahara/mahara/commit/07788736aac7ac45f47af71b8f4c641fdcbd3c80
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE

commit 07788736aac7ac45f47af71b8f4c641fdcbd3c80
Author: Robert Lyon <email address hidden>
Date: Wed Sep 7 16:14:33 2016 +1200

Bug 1574941: Adding bulk delete validation

To avoid:
1) Bulk deleting all users - by checking if you
are deleting yourself.
2) Bulk deleting all the site admins - which can happen if you are an
institutional admin and the site admin(s) are in the same institution

behatnotneeded

Change-Id: I4c33d9e54f14e688897275066d2ee128557d4465
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 2bac8857760b9b1aaa7b98ee9d869bf83e854e9f)

Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.