We need the role permission that allows you to view your own sites (and not others if the role doesn't have view all permissions as well). This permission exists for tasks although I don't think it currently works as it should.

CommentFileSizeAuthor
#13 535562.patch733 bytesmig5
#4 Screenshot-Hosted sites | Druployment - Iceweasel.png25.57 KBmig5

Comments

anarcat’s picture

anarcat commented
Status: Active » Postponed (maintainer needs more info)

I think the way it works right now is that you can see your own *client's* sites, and not the others. The client node has an ACL of which users can see its sites and that's how the permissions function.

Doesn't this work for you?

ac’s picture

ac
Primary language English
Location Perth
commented

Nope doesn't currently work as advertised. A client that only owns one site can see all sites at '/hosting/sites' when logged in. The role has the following permissions:

create migrate task
create site
view site
create backup task
create delete task
create disable task
create enable task
create restore task
view own tasks

I also tested this with the access content permission on and off. With it on you can view every site node, with it off you can't view any site node - even your own.

anarcat’s picture

anarcat commented
Priority: Normal » Critical
Status: Postponed (maintainer needs more info) » Needs work

Argh... okay, if that's true, then this is a real issue, and an RC bug.

Anonymous’s picture

Anonymous (not verified) commented
Category: feature » bug
StatusFileSize
new Screenshot-Hosted sites | Druployment - Iceweasel.png25.57 KB

I can't reproduce this on an rc2 > upgraded to rc3 site.

Screenshot attached. I created a Client called fred. In the global Clients settings, I have the option 'Automatically create user accounts for new clients.' checked.

I logged in as the fred user after the password was emailed to the user. No sites were viewable.

I created a site as fred. Only the site fred is viewable (screenshot attached)

Client role permissions:

edit own client
view client
create migrate task
create site
delete site
view site
create backup task
create delete task
create disable task
create enable task
create restore task
view own tasks
view task
access content

If I ever get an rc3 or HEAD installation actually working, i'll test that again.

anarcat’s picture

anarcat commented
Status: Needs work » Postponed (maintainer needs more info)

wait, mig5: did you had other sites outside of the 'fred' client? Because from your description it looks like you only created one site.

@acbot, can you test with latest head?

ac’s picture

ac
Primary language English
Location Perth
commented

I can confirm this is still a bug in rc3.. testing head

ac’s picture

ac
Primary language English
Location Perth
commented

Still an issue in HEAD

anarcat’s picture

anarcat commented
Status: Postponed (maintainer needs more info) » Active

i don't think i was able to reproduce either, and mig5 didn't. but since i trust acbot with testing, I'm reopening just so we take an extra look at this. i want 0.3 to be secure regarding client contamination.

@acbot - you can see the sites in the listing, but can you visit the site's node pages? can you edit the sites or create tasks on the site?

ac’s picture

ac
Primary language English
Location Perth
commented
Title: Add permission to 'view own sites' » Hosting taks permissions not working
Version: 6.x-0.3-rc2 » 6.x-0.3-rc3

I copied mig5's perms and rebuilt the node permissions which fixed a lot of things. hosting/sites now works correctly as does all the other permission stuff - with the exception of the tasks in the tabs.

Even though my role has permission to perform certain tasks (ie backup) it is not showing the tab and node/nid/site_backup is 403.
Can anyone reproduce this? I am about to reinstall aegir if I am the only one as I see to have a number of issues that can not be reproduced.

ac’s picture

ac
Primary language English
Location Perth
commented
Title: Hosting taks permissions not working » Hosting task permissions not working
Anonymous’s picture

Anonymous (not verified) commented

mig5: did you had other sites outside of the 'fred' client? Because from your description it looks like you only created one site.

I didn't bother showing the other main client's sites as I thought i inferred it :) I had about 9 other sites on the other client.

Acbot i didn't look at the available tabs, I'll try and reproduce

Anonymous’s picture

Anonymous (not verified) commented

acbot I am reproducing your issues: no tabs are shown for the client on a site node, and calling the backup URL directly ie

http://aegir5.home.mig5.net/node/75/site_backup

throws an Access Denied 403.

This is on rc3 (not upgraded from rc2, but fresh)

Anonymous’s picture

Anonymous (not verified) commented
Status: Active » Needs review
StatusFileSize
new 535562.patch733 bytes

Patch against HEAD attached that fixes the missing tabs. in hosting/task/hosting_task.module on function hosting_task_menu_access($node, $task), we check for user_access like this:

if (user_access("create " . $task . " node")) {

but it should be 

if (user_access("create " . $task . " task")) {

I checked first and I can't see any 'create (foo) node' permissions being set anywhere, only task. In any case this certainly fixes it.

Cheers

ac’s picture

ac
Primary language English
Location Perth
commented
Status: Needs review » Reviewed & tested by the community

This works. Nice one.

anarcat’s picture

anarcat commented
Status: Reviewed & tested by the community » Fixed

patch committed without further testing, thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.