Webtop Security issue

I’ve just discovered that one of my FC7.2.12 sites allows all users to access the Admin panel. I’ve tried all sorts of variations and can’t get the Contributor role to not see the Admin panel. All the usual things have been tried: App updates, restart of Lucee, using Chrome in Incognito mode, checking and unchecking access. I also checked to make sure I’m not missing a critical fix in FC around this. This isn’t something I’ve come across before and other FC sites I’ve got don’t suffer this issue.
This is a site that behaves like this in multiple environments (pre and prod) so I’m thinking that perhaps the permissions table has messed itself up in some way at some stage (maybe years ago, I’ve never needed to restrict other users before on it). It was originally a 6.x site that got updated back in the day.
Is there a way to rebuild the permissions tables (if that would help)? Or has anyone come across this?

So if I check the Webtop permissions for this Collaborator user, Some Guy, it all looks great.
But if you log in as him, you still get the Admin tab.

It seems like a bug with permission inheritance, something that I expect should have been fixed but maybe it was fixed later than 7.2.12?

The way it should work is probably how you’d expect:

  • If an item has permission granted, that is also inherited by the child nodes (the “light green” ticks)
  • If an item has permission explicitly denied, then that item and its child nodes should not be accessible
  • If the user is in multiple groups, and one or more Roles does have access to Admin, then the more permissive Role still applies

Are you able to try updating Core to the head of p740, or p800?

Otherwise yes, perhaps there is some legacy data issue where there is a permission record but you can’t see it in the part of the UI you’re looking at. You’d probably want to take a DB backup, then try creating a new role with a similar name and setting that one up from scratch, and then switching over to the new Role instead of the old one, and deleting the old one.
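
The three inheritance rules listed in the reply above, modelled as an added example (not FarCry's code and not part of the original posts). The tree, role names and record layout are constructed, and treating a deny on any ancestor as blocking is an assumption about the second rule; the function reports which role and node grant access, which is the question to answer when a user sees a tab they should not.

```python
# Added illustration of the rules described above; node ids, role names and
# the data layout are hypothetical and do not reflect FarCry's schema.
GRANT, DENY = 1, -1

# Constructed webtop tree: child -> parent (None marks the root).
PARENT = {
    "webtop": None,
    "webtop.dashboard": "webtop",
    "webtop.admin": "webtop",
    "webtop.admin.users": "webtop.admin",
}

# Constructed explicit permission records: {role: {node: GRANT | DENY}}.
EXPLICIT = {
    "Contributor": {"webtop": GRANT, "webtop.admin": DENY},
    "LegacyRole": {"webtop.admin": GRANT},  # stale grant nobody remembers
}

def role_decision(role, node):
    """Resolve one role for one node by walking up to the root.
    Assumption: a DENY on the node or any ancestor blocks access;
    otherwise the nearest GRANT is inherited. No record means no access.
    Returns (allowed, deciding_node)."""
    records = EXPLICIT.get(role, {})
    grant_source = None
    current = node
    while current is not None:
        right = records.get(current)
        if right == DENY:
            return False, current
        if right == GRANT and grant_source is None:
            grant_source = current
        current = PARENT[current]
    return grant_source is not None, grant_source

def explain_access(roles, node):
    """Most permissive role wins. Returns (allowed, [(role, node), ...])
    naming every role that grants access and where the grant comes from."""
    granting = []
    for role in roles:
        allowed, source = role_decision(role, node)
        if allowed:
            granting.append((role, source))
    return bool(granting), granting

if __name__ == "__main__":
    # The user is in both roles: the deny on Contributor does not help.
    print(explain_access(["Contributor", "LegacyRole"], "webtop.admin.users"))
```
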

Thanks and Cheers for the suggestions.
After much dumping and tracing through all the functions I’ve discovered that I was missing a join on the farPermission table. Arrrh! I have no idea why it would be missing but there you go.