Skip to main content

Cookie settings

We use cookies to ensure the basic functionalities of the website and to enhance your online experience. You can choose for each category to opt-in/out whenever you want.

Essential

Preferences

Analytics and statistics

Marketing

This proposal has been implemented

This incidence has been solved. Closed via #5383

Thank you for contributing!

Unauthorized actions with user manager roles

Avatar: AH
AH
Finished
If a user is given the user manager permissions, they cannot access many of the actions on the site. I believe this is unintentional since these users can still be real users of the system that need to perform actions on the site (the same way as "normal" admins can). I believe the reason can be found from the following line of code: https://github.com/decidim/decidim/blob/6ae0bf5ca4ce0baab332017f7fb6045a3b61c08b/decidim-core/app/permissions/decidim/permissions.rb#L14 The user manager permissions is overriding any other permissions that could be performed. At least the following is impossible when the user manager role is granted: - Accessing the "My account" page - Performing any actions that need authorization (e.g. leaving a proposal or voting for budget, when they are limited to a certain authorizer)
Comment

Confirm

Please log in

The password is too short.

Share