Mahara

SAML auth update user issues

Series 20.10
Bug #1890349

Bug #1890349 reported by Robert Lyon on 2020-08-04

This bug affects 3 people

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Robert Lyon
20.04	Fix Released	High	Unassigned	Mahara 20.04.2
20.10	Fix Released	High	Robert Lyon	Mahara 20.10.0

Bug Description

Currently if you have a user in Mahara that logs in via SAML and has update user option set then their admin/staff status is updated. If this info is not being passed in via SAML from IdP it means they are updated to be normal members.

We should only do this updating if any of the SAML instance settings are set for:
- rolesiteadmin
- rolesitestaff
- roleinstadmin
- roleinststaff

And if the particular one is not set to ignore updating this part of the user's profile

Also we need to check that the following is correct
     if ($institutionrole == 'admin') {
         $institution->addUserAsStaff($user);
     }

Should it be $institution->addUserAsAdmin($user);

Thanks go to SWITCH for sponsoring this fix.

See original description

Robert Lyon (robertl-9) on 2020-08-04

Changed in mahara:
importance:	Undecided → High
status:	New → Confirmed
milestone:	none → 20.10.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-08-24: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11174

Kristina Hoeppner (kris-hoeppner) on 2020-08-28

description:

updated

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-09-09: A change has been merged

Reviewed: https://reviews.mahara.org/11174
Committed: https://git.mahara.org/mahara/mahara/commit/fe31f2cd13818e4ef2f2fbf157a34eb3ba114c9c
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit fe31f2cd13818e4ef2f2fbf157a34eb3ba114c9c
Author: Robert Lyon <email address hidden>
Date: Tue Aug 25 08:20:51 2020 +1200

Bug 1890349: Ignore SAML permission roles if not set in instance config

If we have not set 'roles' option in SAML config then we need to
ignore any of the changing admin/staff roles

Change-Id: I7ac908b35e9f91f1906f1230460909340d23735f
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-09-09: A patch has been submitted for review

Patch for "20.04_STABLE" branch: https://reviews.mahara.org/11246

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-09-09: A change has been merged

Reviewed: https://reviews.mahara.org/11246
Committed: https://git.mahara.org/mahara/mahara/commit/37ed3c4db03103d7191b3225385893699e2aced7
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 20.04_STABLE

commit 37ed3c4db03103d7191b3225385893699e2aced7
Author: Robert Lyon <email address hidden>
Date: Tue Aug 25 08:20:51 2020 +1200

Bug 1890349: Ignore SAML permission roles if not set in instance config

If we have not set 'roles' option in SAML config then we need to
ignore any of the changing admin/staff roles

Change-Id: I7ac908b35e9f91f1906f1230460909340d23735f
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit fe31f2cd13818e4ef2f2fbf157a34eb3ba114c9c)

Robert Lyon (robertl-9) on 2020-11-01

Changed in mahara:
milestone:	20.10.0 → none

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1879594

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.