Scenario: Let's say that the admin creates and adds the site global account. Regular users are given permission to use this when they create new posts to update the Twitter stream. They are not allowed to create new global accounts, only add their personal ones. To me quite a normal setup for a small/mid-sized site.

Problem: Regular users now see the global Twitter account at /user/[uid]/edit/twitter; they are allowed to change it and even delete it from the site.

Solution: The global user's account should not be listed under /user/[uid]/edit/twitter; this only confuses, and we need to make sure that they are not allowed to change/delete the account.

How do we solve this? Dunno, perhaps by having new access settings:

  1. "Edit global accounts"
  2. "Delete global accounts"

Comments

dRaz

+1 big issue for me

steinmb

Title: Security - All users with twitter global account access, should not be able to delte them » Security - Users with twitter global account access should not be able to delete account
steinmb

I think this also is related:

Scenario

  1. Drupal-user1 adds a Twitter account on an OAuth-enabled Drupal site. Default setting, not global.
  2. Drupal-user2 adds the same Twitter account to its account.
  3. Drupal-user2 decides that it no longer needs that Twitter account associated with its account and deletes it.

Problem

The Twitter account is correctly removed from Drupal-user2's user profile but is also removed from all other users that had this account added.

Edit: Looked at the twitter_account table description, and see that we are using the twitter_uid as 'The unique identifier of the {twitter_account}.', so if two or more users add the same account it simply gets overwritten by the last user that added the Twitter account. To me this is not expected behavior.

Ourgateshead

Version: 6.x-3.x-dev » 6.x-3.0-beta9

Is there any progress on this?

This is a serious issue for me. I can't allow users to add their Twitter accounts (a function that has been requested), as someone will at some point delete the global account.

steinmb

Version: 6.x-3.0-beta9 » 6.x-3.x-dev

Pls. don't change the version. Patches and reviews are first added to dev and then committed to be part of the next beta or RC.

I'll agree that this is not a good idea and it needs to be fixed. Patches are welcome.

davidneedham

Status: Active » Postponed (maintainer needs more info)

#3 is a separate issue and should be created in a different ticket if it's still an issue.

"I'll agree that this is not a good idea and it needs to be fixed. Patches are welcome." :-)

dddave

Version: 6.x-3.x-dev » 6.x-5.x-dev

xurizaemon

Version: 6.x-5.x-dev » 7.x-5.x-dev
Issue summary: View changes
Status: Postponed (maintainer needs more info) » Needs work

damienmckenna

Status: Needs work » Active

FYI "needs work" is only for when there's an actual patch file that needs to be further improved; it isn't a general flag to say "there's a problem that needs to be worked on" :)

damienmckenna

Title: Security - Users with twitter global account access should not be able to delete account » Users with twitter global account access should not be able to delete account

We can either change the system to only allow each Twitter account to be used once, but then we have to work out how to handle existing installs that have the same account used by multiple people, or add some extra logic to twitter_account_delete() to only delete the tweets if the account was only in use by one user.
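One way to enforce the two permissions proposed in the issue summary before the deletion discussed above, as an added example that is not the Twitter module's own code: the module name twitter_guard, the is_global column and the twitter_uid argument of twitter_account_delete() are assumptions.

```php
<?php
// Added example, not the Twitter module's own code. Assumes {twitter_account}
// has columns twitter_uid, uid and is_global (is_global is an assumption) and
// that twitter_account_delete() takes the twitter_uid (also an assumption).

// Implements hook_permission(): the two settings proposed in the summary.
function twitter_guard_permission() {
  return array(
    'edit global twitter accounts' => array(
      'title' => t('Edit global Twitter accounts'),
      'restrict access' => TRUE,
    ),
    'delete global twitter accounts' => array(
      'title' => t('Delete global Twitter accounts'),
      'restrict access' => TRUE,
    ),
  );
}

/**
 * TRUE if $account may delete Twitter account $twitter_uid: global accounts
 * need the dedicated permission, personal ones are deletable by their owner.
 */
function twitter_guard_delete_access($twitter_uid, $account = NULL) {
  $account = $account ? $account : $GLOBALS['user'];
  $row = db_select('twitter_account', 'ta')
    ->fields('ta', array('uid', 'is_global'))
    ->condition('twitter_uid', $twitter_uid)
    ->execute()
    ->fetchAssoc();
  if (!$row) {
    return FALSE;  // Unknown account: deny rather than fall through.
  }
  if (!empty($row['is_global'])) {
    return user_access('delete global twitter accounts', $account);
  }
  return $row['uid'] == $account->uid;
}

// Wrapper for the /user/[uid]/edit/twitter delete path: refuses and logs
// the attempt when the check fails, otherwise deletes.
function twitter_guard_delete($twitter_uid) {
  if (!twitter_guard_delete_access($twitter_uid)) {
    watchdog('twitter', 'User %uid refused deletion of Twitter account %tid.',
      array('%uid' => $GLOBALS['user']->uid, '%tid' => $twitter_uid), WATCHDOG_WARNING);
    return FALSE;
  }
  twitter_account_delete($twitter_uid);
  return TRUE;
}
```

The watchdog entry gives site admins a record of refused attempts, which is what you would want to review after the bug described in this issue has been hit on a live site.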

damienmckenna