User Management

[zawapete]

Note

• [x] You may try to follow the update procedure described in the README and try again before opening this issue.
• [x] Before asking for something, please check the F.A.Q..
• [x] Before opening a bug issue, please check the Troubleshooting wiki section.
• [x] If you want to contribute to the project please review the contributing guidelines.
• [x] Keep in mind that Flood is a FLOSS (Free, Libre and Open Source Software), so please try to provide a PR when opening a bug issue. Without contributions the project can't live and with your help fix and request will come faster.
• [x] The project is accepting issues (bugs report), feature or enhancement requests, discussions and questions but not personal support.

Summary

At the moment the Authentication tab is open to every user, regardless the use is admin or not (isAdmin flag introduced with multi rtorrent instance feature)

Expected Behavior

Authentication tab should not render user management for not admin users Server CRUD on user should be forbidden for not admin users

Current Behavior

Every user is able to manage other users regardless of the admin status

Context

Shared seedbox administrator cannot rely totally on flood since it gives more permissions that it should to not administrator users

[noraj]

Related PR : #718

[bqv]

Can this be fixed for the "flood can't connect" page too

[bqv]

The page to configure flood host and port is shown even to non admins if it fails even once, and I can't get it to stop without deleting and recreating the user

[zawapete]

sorry, closed by mistake