Prevent an user from having no authorizations profile

[emitlinks]

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• [X] I have searched the existing issues

Version

10.0.15

Bug description

There is an issue with GLPI that has been going on for a while with users authorizations and the ability to be able to view/edit that user profile when the last authorization has been removed from the user. When this happens, you are not allowed to view the user's page on GLPI and cannot edit the user anymore. The only way to fix that is to add an entry in the database in the glpi_profiles_users table to add one authorization manually.

There are two ways I can see to address this issue, either block the removal of the last authorization profile from the user or create a permission to be able to access the user page when something like that happens.

Relevant log output

No response

Page URL

No response

Steps To reproduce

1. Create / Import an user in GLPI
2. Go on the user page and remove every authorization
3. You get access denied when applying the modification and cannot access the page anymore

Your GLPI setup information

No response

Anything else?

No response

[cconard96]

Are you trying to view the user when connected to the root entity in tree/recursive mode? A user without profiles has no entity assignment so you need to be able to see all entities to view them.

[emitlinks]

Yes, I have the role Super-Admin, and I am connected to the root entity in recursive mode, but I can't see the users that have no entity assignment.

The entity I'm on :

What I get when I search the user :

The user is in database but doesn't have a profile linked to it :

Added the profile with sql query :

User is visible after adding the profile :

[github-actions[bot]]

There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.

If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website.

You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.

[emitlinks]

I made a temp fix on my own with a script that look in the database every 5 mins for an user without authorization profile which then add one as self service for the root entity.

Still this issue need to be addressed.

Le mar. 24 sept. 2024, 10:09, github-actions[bot] @.***> a écrit :

There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.

If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website https://glpi.userecho.com/.

You may also consider taking a subscription https://glpi-project.org/subscriptions/ to get professionnal support or contact GLPI editor team https://portal.glpi-network.com/contact-us directly.

— Reply to this email directly, view it on GitHub https://github.com/glpi-project/glpi/issues/17188#issuecomment-2370567563, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGLRYUTPV3TSSFZTAB45EG3ZYEM35AVCNFSM6AAAAABIHYVRESVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZQGU3DONJWGM . You are receiving this because you authored the thread.Message ID: @.***>

[trasher]

I've not been able to reproduce on a fresh local instance; from the default admin account, all users are still present in the list. To fix the issue, we need a way to reproduce it from a fresh install.