Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For super admins with no role set, treat them as administrators #689

Merged
merged 2 commits into from
Feb 5, 2024
Merged

For super admins with no role set, treat them as administrators #689

merged 2 commits into from
Feb 5, 2024

Conversation

dkotter
Copy link
Collaborator

@dkotter dkotter commented Feb 5, 2024
edited
Loading

Description of the Change

As discussed in #658, there's currently no option to set Super Admins in our role-based access for individual Features. This can result in Super Admins not having access to Features if they haven't been added as an administrator (or other allowed role) on a specific site.

We could allow Super Admins to have access to all Features but this feels a little heavy-handed. The approach we landed on and what is implemented in this PR is that anytime we check if a user has access based on their role, if we are on a multisite and the current user is a Super Admin and that user has no specific role set for that site, we set their role to administrator for checking purposes.

If a Super Admin has already been granted a specific role on a site, we use that role for checking and don't add an additional role on top of that. In addition, if a Feature has not granted access to administrators, Super Admins also won't have access.

Closes #658

How to test the Change

  1. Set up a multisite install with ClassifAI installed on at least one site in the network
  2. Set up a feature and enable role-based access, giving at least Administrators access
  3. Test with a Super Admin account that hasn't been added to that particular site; ensure whatever Feature you enabled works for them
  4. Enable user opt-out for that Feature; go to your profile and ensure you can opt-out of that Feature
  5. Change the access level for the Feature to not include administrators
  6. Ensure the Feature is no longer accessible and you don't see the option to opt out on their profile
  7. Change the access level for the Feature back to include administrators
  8. Add that Super Admin user to the site but give them Editor access
  9. Ensure the Feature no longer works for them and they no longer see the opt-out option on their profile

Changelog Entry

Changed - If on a multisite install, when handling user access based on role, if a Super Admin does not have a specific role on a site, treat that user as an administrator.

Credits

Props @dkotter, @jeffpaul, @gsarig

Checklist:

  • I agree to follow this project's Code of Conduct.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests pass.

@dkotter
When checking to see if a user has access based on their role, if the…
b33a8ac 
…y have no roles set on a site but they are a super admin, set their role to administrator
@dkotter
When checking to see if a user has access to opt out of a feature, if…
e8c37e7 
… they have no role set but are a super admin, set their role to administrator
@dkotter dkotter added this to the 3.0.0 milestone Feb 5, 2024
@dkotter dkotter self-assigned this Feb 5, 2024
@dkotter dkotter requested review from jeffpaul and a team as code owners February 5, 2024 03:55
@dkotter dkotter requested review from iamdharmesh and removed request for a team and jeffpaul February 5, 2024 03:55
iamdharmesh
iamdharmesh approved these changes Feb 5, 2024
View reviewed changes
Copy link
Member

@iamdharmesh iamdharmesh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this @dkotter. PR LGTM and it tests well. 🚀

@iamdharmesh iamdharmesh merged commit f5e9c60 into develop Feb 5, 2024
13 checks passed
@iamdharmesh iamdharmesh deleted the fix/658 branch February 5, 2024 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iamdharmesh iamdharmesh iamdharmesh approved these changes

Assignees

@dkotter dkotter

Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.

Super Admin access to the plugin's features
2 participants
@dkotter @iamdharmesh