-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalize user "Administrator" role on setup. #13086
Conversation
@jtkech I am not sure about this PR any more. Currently, we store the role name in the |
RokeNames is not stored as normalized
See my comment #12407 (comment) Hmm, normally better to use the |
Yes I understand. I am not using
|
Look directly User records in the Document table, sorry need to join my meeting |
No problem, I meant that e.g. in
Why not just using
At least we inject
So that's okay. About the Just retried with the current fix and then adding roles to a given user, what I got in the User Document.
That said one question, now that we add roles through recipes, is it a problem to still add the "Administrator" role in this setup event handler? Maybe features should still automatically add some system roles? |
Aside from refactoring or which service to use, I can't explain why my database has non-standard names. As mentioned before, one of my production instances is using OC v1.5 and it does not have normalized names. |
Is it migrated from an older version? How did you created your users? Anyway, as commented above we will not change which services are used directly or not. Hmm, even if in some places we are using What about my above question, is still okay to assign here the "Administrator" role that now may not exist? |
Also found this code in
Maybe we need at least the 2 system roles |
EmailConfirmed = true | ||
}; | ||
|
||
return _userService.CreateUserAsync(user, properties[SetupConstants.AdminPassword]?.ToString(), reportError); | ||
user.RoleNames.Add(_keyNormalizer.NormalizeName("Administrator")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think if you wan to use .Add()
you should check if the role exists first or not. Otherwise we could have another handler setting up the same role.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, did it too quickly for testing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yes, I thought about it but didn't do it as here we create a very new User()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, what you think about this knowing that now the "Administrator" role may not exist.
For now I think that's okay because when we lookup User RoleNames, as I remember we compare them to existing Roles.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jtkech
Oh yes I noticed the user is created in the event. Maybe don't use .Add then it would be safer.
Good point on the roles. I think it is safe to add it since it won't add/remove value unless the roles module is enabled. But, maybe we can set the SuperUser property to true here on the new object here and don't set any role. Then we can add a new implementation to the Users event that would add Administrator rote only when the roles module is enabled. This new event would only be registered when Roles module is enabled
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I used Add to not realloc a List.
Okay will look at the SuperUser property
I'm closing this one, integrated in #13104 |
On setup in the
SetupEventHandler
we set theuser.RoleNames
to a string array in place of a list, and with theAdministrator
role name in place of the normalizedADMINISTRATOR
.So, when saved in the database document we have.
If we save again, we no longer see the string array type, but the role is still not normalized.
If we add a role, only the new role is normalized.
After the fix, the role is normalized from the beginning, on setup.
It may explain in some places the need to be case insensitive when comparing normalized role names to user roles, and/or in other places maybe some unexpected behaviors.