[#672] Cron to warn site admins about weird permissions

Description

Detailed description

I got a few cases of weird RBACs today, with users granting project_admin or scm=write privileges to Anonymous or LoggedIn roles. This didn't seem intentional.

It would be nice to have a cron'd script to warn the site admins when permissions are too open.

Other cases:
- I got users who are members of Anonymous or LoggedIn roles, but that can be considered a bug in old FF versions
- In the past I also got people who mistakenly dropped their own admin privileges; this could be checked too.

General Information
Submitted by: Sylvain Beucler
Date Submitted: 2014-05-13 16:18
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/672
Internal Fields
Data Type: Feature requests
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Resolution: none
Difficulty: none
Target release: none
Date: 2014-05-13 16:21
Sender: Sylvain Beucler

To get groups granting "open" permissions on Anonymous or LoggedIn:

    SELECT groups.group_id, unix_group_name
    FROM role_project_refs
    JOIN groups ON (role_project_refs.group_id=groups.group_id)
    JOIN pfo_role_setting ON (role_project_refs.role_id=pfo_role_setting.role_id
        AND (pfo_role_setting.ref_id=groups.group_id)
        AND ((section_name='project_admin' AND perm_val=1)
          OR (section_name='scm' AND perm_val=2)))
    WHERE role_project_refs.role_id IN (1,2);
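One way the requested cron check could wrap the query above, as an added example that is not part of the original comment and not FusionForge code. It assumes an in-memory sqlite3 database as a stand-in for the forge database, constructed sample rows, and that role ids 1 and 2 are Anonymous and LoggedIn in that order; the query is extended to return the role and section so the warning can name them.

```python
import sqlite3
from collections import defaultdict

# Assumption: ids 1 and 2 (the query's IN (1,2)) map to these roles in this order.
ROLE_NAMES = {1: "Anonymous", 2: "LoggedIn"}
# The ticket's query, extended to return role and section so the warning can name them.
AUDIT_SQL = """
SELECT groups.group_id, unix_group_name, role_project_refs.role_id, section_name
FROM role_project_refs
JOIN groups ON (role_project_refs.group_id = groups.group_id)
JOIN pfo_role_setting ON (role_project_refs.role_id = pfo_role_setting.role_id
  AND pfo_role_setting.ref_id = groups.group_id
  AND ((section_name = 'project_admin' AND perm_val = 1)
    OR (section_name = 'scm' AND perm_val = 2)))
WHERE role_project_refs.role_id IN (1, 2)
ORDER BY unix_group_name, role_project_refs.role_id, section_name
"""

def find_open_grants(conn):
    """Map project unix name -> list of "Role: section" over-open grants."""
    findings = defaultdict(list)
    for _gid, name, role_id, section in conn.execute(AUDIT_SQL):
        findings[name].append(f"{ROLE_NAMES[role_id]}: {section}")
    return dict(findings)

def render_warning(findings):
    """Mail body for the site admins; empty string means nothing to report."""
    if not findings:
        return ""
    lines = ["Projects granting project_admin or scm write to Anonymous/LoggedIn:"]
    lines += [f"  {name}: {', '.join(findings[name])}" for name in sorted(findings)]
    return "\n".join(lines) + "\n"

def sample_db():
    """Constructed in-memory data; tables hold only the columns the query uses."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE groups (group_id INT, unix_group_name TEXT);
      CREATE TABLE role_project_refs (role_id INT, group_id INT);
      CREATE TABLE pfo_role_setting (role_id INT, section_name TEXT, ref_id INT, perm_val INT);
      INSERT INTO groups VALUES (10, 'alpha'), (11, 'beta');
      INSERT INTO role_project_refs VALUES (1, 10), (2, 10), (1, 11), (5, 11);
      INSERT INTO pfo_role_setting VALUES
        (1, 'scm', 10, 2), (2, 'project_admin', 10, 1),   -- alpha: both flagged
        (1, 'scm', 11, 1), (5, 'project_admin', 11, 1);   -- beta: neither matches
    """)
    return conn

if __name__ == "__main__":
    print(render_warning(find_open_grants(sample_db())), end="")
```

Because the script prints nothing when no project matches, a cron job that mails its output stays silent until a grant needs attention.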
