Open teward opened 6 years ago
Thomas,
In 1.4.6a I see the expected behavior. Clicking [Block User] sets the user state to 'blocked' in one member_trustgroup record. The user still has the preexisting privileges in other trustgroups.
@bapril Interesting. This may need additional verification and testing, and in the downtime I have during the week I will dig into a fresh instance of this to do more testing. I'll let you know, but if anyone else can test/verify whether this behavior is indeed working properly or not, that'd be wonderful.
It looked liek when a user was marked as blocked in any trust group, however, it also rejected mail messages to other Trust Groups. Perhaps this is a mail-handler related issue?
In an instance of Trident 1.4.6RC2, many TGAdmins are using "Block User" as a mechanism to disable users from accessing a specific Trustgroup.
This, however, has an unintended side effect: it blocks the user globally from all trust groups.
This came up today with a specific user getting "blocked" in multiple trustgroups when they should have been 'removed' from a trustgroup instead.
If I remember correctly, the current functionality for blocking a user with that function is a hold-over from an older system. However, this behavior is not necessarily the best behavior - blocking the user globally in multiple trust groups with a single block in any trust group sounds like poor UI and permissions behavior.
Therefore, I see only two solutions:
(1) Reconfigure the "Block" system to only set blocks on individual trustgroups rather than the user as a whole in the system.
(2) Instead of allowing access to "Block" to trustgroup administrators, replace that with a "Remove user from Trustgroup" button that does the corresponding
DELETE FROM member_trustgroup WHERE member='{MEMBERID}' AND trustgroup='{TRUSTGROUP}'
calls, and only permit sysadmin level users to have the "Block User" functionality globally.This way, we don't have to worry about a single user getting a global block when it was expected for only a user to get blocked in a specific trustgroup.