search

glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0
4.24k stars 1.29k forks source link

Tech profile has only read permission on the groups item. However, users with this profile can include and exclude groups #12002

Closed thallestorchi closed 2 years ago

thallestorchi commented 2 years ago

Code of Conduct

Is there an existing issue for this?

Version

9.5.7

Bug description

Tech profile has only read permission on the groups item.

However, users with this profile can include and exclude groups and the action of including is not registered a visible log in the history tab.

image

Relevant log output

No response

Page URL

No response

Steps To reproduce

  1. change profile to administrator
  2. Navigate to Home > Administration > Profile
  3. click on technical profile
  4. access the administration tab
  5. leave the read option checked for groups only
  6. switch to technical profile
  7. try to add and remove groups for users

Your GLPI setup information

[code]   GLPI 9.5.7 ( => /opt/app-root/src) Installation mode: GIT Current language:pt_BR -- Operating system: Linux glpi-17-sg65k 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 PHP 7.3.11 apache2handler (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bcmath, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, session, shmop, soap, sockets, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib) Setup: max_execution_time="300" memory_limit="256M" post_max_size="200M" safe_mode="" session.save_handler="files" upload_max_filesize="200M" Software: Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips () Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36 Edg/97.0.1072.69 Server Software: MySQL Community Server (GPL) Server Version: 5.7.24 Server SQL Mode: Parameters: glpi@glpi-mysql/glpi Host info: glpi-mysql via TCP/IP PHP version is at least 7.2.0 - Perfect! Sessions support is available - Perfect! Allocated memory > 64 Mio - Perfect! mysqli extension is installed ctype extension is installed fileinfo extension is installed json extension is installed mbstring extension is installed iconv extension is installed zlib extension is installed curl extension is installed gd extension is installed simplexml extension is installed intl extension is installed ldap extension is installed apcu extension is installed Zend OPcache extension is installed xmlrpc extension is not present exif extension is installed zip extension is installed bz2 extension is installed sodium extension is not present Database version seems correct (5.7.24) - Perfect! Timezones seems loaded in database The log file has been created successfully. Write access to /glpi/files/_cache has been validated. Write access to /glpi/config has been validated. Write access to /glpi/files/_cron has been validated. Write access to /glpi/files has been validated. Write access to /glpi/files/_dumps has been validated. Write access to /glpi/files/_graphs has been validated. Write access to /glpi/files/_lock has been validated. Write access to /glpi/files/_pictures has been validated. Write access to /glpi/files/_plugins has been validated. Write access to /glpi/files/_rss has been validated. Write access to /glpi/files/_sessions has been validated. Write access to /glpi/files/_tmp has been validated. Write access to /glpi/files/_uploads has been validated. Write access to /glpi/marketplace has been validated. For security reasons, SELinux mode should be Enforcing. GLPI_ROOT: /opt/app-root/src GLPI_CONFIG_DIR: /glpi/config GLPI_LOG_DIR: /glpi/log GLPI_VAR_DIR: /glpi/files GLPI_MARKETPLACE_DIR: /glpi/marketplace GLPI_USE_CSRF_CHECK: 1 GLPI_CSRF_EXPIRES: 7200 GLPI_CSRF_MAX_TOKENS: 100 GLPI_USE_IDOR_CHECK: 1 GLPI_IDOR_EXPIRES: 7200 GLPI_ALLOW_IFRAME_IN_RICH_TEXT: GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org GLPI_INSTALL_MODE: GIT GLPI_NETWORK_MAIL: glpi@teclib.com GLPI_NETWORK_SERVICES: https://services.glpi-network.com GLPI_MARKETPLACE_PRERELEASES: GLPI_MARKETPLACE_ALLOW_OVERRIDE: 1 GLPI_MARKETPLACE_MANUAL_DOWNLOADS: 1 GLPI_USER_AGENT_EXTRA_COMMENTS: GLPI_AJAX_DASHBOARD: 1 GLPI_CALDAV_IMPORT_STATE: 0 GLPI_DEMO_MODE: 0 GLPI_FORCE_EMPTY_SQL_MODE: 1 GLPI_DOC_DIR: /glpi/files GLPI_CACHE_DIR: /glpi/files/_cache GLPI_CRON_DIR: /glpi/files/_cron GLPI_DUMP_DIR: /glpi/files/_dumps GLPI_GRAPH_DIR: /glpi/files/_graphs GLPI_LOCAL_I18N_DIR: /glpi/files/_locales GLPI_LOCK_DIR: /glpi/files/_lock GLPI_PICTURE_DIR: /glpi/files/_pictures GLPI_PLUGIN_DOC_DIR: /glpi/files/_plugins GLPI_RSS_DIR: /glpi/files/_rss GLPI_SESSION_DIR: /glpi/files/_sessions GLPI_TMP_DIR: /glpi/files/_tmp GLPI_UPLOAD_DIR: /glpi/files/_uploads GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/ GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/glpi-plugins/ GLPI_I18N_DIR: /opt/app-root/src/locales GLPI_VERSION: 9.5.7 GLPI_SCHEMA_VERSION: 9.5.7 GLPI_MIN_PHP: 7.2.0 GLPI_YEAR: 2022 GLPI_MOD_DIR: /opt/app-root/src/plugins/mod htmlawed/htmlawed version 1.2.5 in (/opt/app-root/src/vendor/htmlawed/htmlawed) phpmailer/phpmailer version 6.1.6 in (/opt/app-root/src/vendor/phpmailer/phpmailer/src) simplepie/simplepie version 1.5.6 in (/opt/app-root/src/vendor/simplepie/simplepie/library) tecnickcom/tcpdf version 6.3.5 in (/opt/app-root/src/vendor/tecnickcom/tcpdf) michelf/php-markdown in (/opt/app-root/src/vendor/michelf/php-markdown/Michelf) true/punycode in (/opt/app-root/src/vendor/true/punycode/src) iamcal/lib_autolink in (/opt/app-root/src/vendor/iamcal/lib_autolink) sabre/dav in (/opt/app-root/src/vendor/sabre/dav/lib/DAV) sabre/http in (/opt/app-root/src/vendor/sabre/http/lib) sabre/uri in (/opt/app-root/src/vendor/sabre/uri/lib) sabre/vobject in (/opt/app-root/src/vendor/sabre/vobject/lib) laminas/laminas-cache in (/opt/app-root/src/vendor/laminas/laminas-cache/src) laminas/laminas-i18n in (/opt/app-root/src/vendor/laminas/laminas-i18n/src) laminas/laminas-serializer in (/opt/app-root/src/vendor/laminas/laminas-serializer/src) monolog/monolog in (/opt/app-root/src/vendor/monolog/monolog/src/Monolog) sebastian/diff in (/opt/app-root/src/vendor/sebastian/diff/src) elvanto/litemoji in (/opt/app-root/src/vendor/elvanto/litemoji/src) symfony/console in (/opt/app-root/src/vendor/symfony/console) scssphp/scssphp in (/opt/app-root/src/vendor/scssphp/scssphp/src) laminas/laminas-mail in (/opt/app-root/src/vendor/laminas/laminas-mail/src/Protocol) laminas/laminas-mime in (/opt/app-root/src/vendor/laminas/laminas-mime/src) rlanvin/php-rrule in (/opt/app-root/src/vendor/rlanvin/php-rrule/src) blueimp/jquery-file-upload in (/opt/app-root/src/vendor/blueimp/jquery-file-upload/server/php) ramsey/uuid in (/opt/app-root/src/vendor/ramsey/uuid/src) psr/log in (/opt/app-root/src/vendor/psr/log/Psr/Log) psr/simple-cache in (/opt/app-root/src/vendor/psr/simple-cache/src) mexitek/phpcolors in (/opt/app-root/src/vendor/mexitek/phpcolors/src/Mexitek/PHPColors) guzzlehttp/guzzle in (/opt/app-root/src/vendor/guzzlehttp/guzzle/src) guzzlehttp/psr7 in (/opt/app-root/src/vendor/guzzlehttp/psr7/src) wapmorgan/unified-archive in (/opt/app-root/src/vendor/wapmorgan/unified-archive/src) paragonie/sodium_compat in (/opt/app-root/src/vendor/paragonie/sodium_compat/src) Server: 'tribunal.tre-ms.gov.br', Port: '389', BaseDN: 'OU=Users and Groups,OU=Tribunal,DC=tribunal,DC=tre-ms,DC=gov,DC=br', Connection filter: none, RootDN: 'CN=glpi,OU=GLPi,OU=Sistemas,OU=Users and Groups,OU=Tribunal,DC=tribunal,DC=tre-ms,DC=gov,DC=br', Use TLS: none Not active Way of sending emails: SMTP (atendimento@tre-ms.jus.br@10.19.1.37) Name: 'atendimento@tre-ms.jus.br' Active: Yes Server: '{10.19.1.37/imap/ssl/novalidate-cert/notls}' Login: 'atendimento@tre-ms.jus.br' Password: Yes analytics Name: analytics Version: 1.0.2 State: Not installed fields Name: Campos adicionais Version: 1.12.7 State: Enabled behaviors Name: Comportamentos Version: 2.5.0 State: Enabled datainjection Name: Data injection Version: 2.9.0 State: Enabled escalade Name: Escalonamento Version: 2.6.2 State: Enabled formcreator Name: Form Creator Version: 2.12.5 State: Enabled fusioninventory Name: FusionInventory Version: 9.5+3.0 State: Enabled tag Name: Gerenciamento de Etiquetas Version: 2.8.1 State: Enabled genericobject Name: Gerenciamento de objetos Version: 2.11.0 State: Enabled mod Name: GLPI Modifications Version: 2.0.2 State: Enabled hidefields Name: Hidefields Version: 1.0.0 State: Enabled mreporting Name: Mais Relatórios Version: 1.7.3 State: Enabled dashboard Name: Painel Version: 1.0.2 State: Enabled reports Name: Relatórios Version: 1.14.1 State: Enabled [/code]

Anything else?

no

github-actions[bot] commented 2 years ago

There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.

If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website.

You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.