Open nicolasfranck opened 5 years ago
I understand the store builtin_users as for testing or development. This can be done differently, though. I can't imagine someone uses it in production
We use it in production to store the superuser
But @nicolasfranck is right, the feature is problematic, not one of my best ideas ;-)
@nicolasfranck what is the relation of this ticket to https://github.com/LibreCat/LibreCat/pull/747 ? Does this PR close this issue , is it unrelated to this issue , or something else?
@phochste issue #747 is about blocking the user that was selected. This is about how we should select a user.
The method get
and add
of this model are also contradicting each other: while add
updates data in the underlying bag and search_bag, the get
retrieves data from the first bag in a list.
For example, put this in config/catmandu.local.yml
..
user:
sources:
- store: builtin_users
username_attr: login
- store: search
bag: user
username_attr: login
..and you will strange behaviour:
/librecat/admin/account
/librecat/admin/account
, but if you return to the form nothing of the like will be visible.user->get
to retrieve, which should be correct, were it not that the get
is overwritten in LibreCat::Model::User
..Anyway, the record that is retrieved in /librecat/admin/account/edit/:id
should be the one from the bag
of the model. See my PR https://github.com/LibreCat/LibreCat/pull/912
@nicolasfranck is this one solved by PR #912 ?
@vpeil only partially. I made sure /librecat/admin/account
and others use the same underlying store, but this method is also used in other places.
@nics @phochste @vpeil @petrakohorst would it be an option to
store
to be either search
or main
bag
, and set it to bag user
alwaysOne can always use the builtin_users from the authentication layer (password check), but not as a whitelist.
The way whitelisting of users is done in librecat is not consistent: it makes promises that it cannot fulfil.
In the configuration you can have
This way you can:
That's all fine, but is does not force you to look in the main user database. The user that is returned by methods LibreCat::Model::User::find_by_username and LibreCat::Model::User::get is not necessarily contained in the internal user database.
Proposal:
Problems: