-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic multiple admin users support #3571
base: master
Are you sure you want to change the base?
Conversation
7eb733a
to
72ae82d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the Proto-PR we had a discussion about the value and need for tests in this PR.
I believe that security-related PRs should always come with tests to catch future regressions.
Normally, I would offer to provide a PR next week, but next week will be hell work-wise already
⇒ If somebody from #128 wants to provide an audit via implementing some of the above tests, this would be really appreciated
TLDR:
Given that this is a security-relevant PR, I think these cases should be covered (all as cypress-e2e testcases which are verifed by looking at the database + UI):
- adding a user adds it => user can log in
- disabling user marks the user as disabled => user cannot log in
- enabling user marks the user as disabled => user can log in
- removing a user removes the user => user cannot log in
This comment was marked as resolved.
This comment was marked as resolved.
b53aaa4
to
5f06084
Compare
Well, I'm opening a PR on v1.x series... I have do my best but please keep in mind that it's a bit hard to handle such review without the related eslint rules configured... In addition, it's the first time I use JSDoc (very nice).
I just push an update on this PR where I try to exhaustively take care about that. As already explained, since there is no such eslint rule in v1.x series, please tell me if there is still something to change 🙏🏼 |
I can help with some cypress tests, if still needed. I saw the project have some Github codespaces config files, and saw some setups to test cypress with them I can open a PR on that too I also recommend to setup cypress cloud with an OSS plan to help testing and debugging cypress tests: (easy setup) https://docs.cypress.io/guides/cloud/account-management/billing-and-usage#Open-Source-Plan |
This comment was marked as spam.
This comment was marked as spam.
I tried to find a branch to PR this on the main remote but couldn't find it |
add cy login and create admin tests for louislam#3571
@Rovel Just merged it so your commits are here now. THANKS A LOT!! 😘 ❤️ |
@M1CK431 I added a secondary PR with cy tests on the edit user form in M1CK431#3 |
IMO that's out of scope for this PR -- all users are admins, and admins should be able to create and delete accounts. That said, I suspect in future the idea of user roles might be added, and non-admins probably shouldn't be able to add or remove users. |
@Rovel Thanks a lot for your work, I just merged it. To answer your question, once this PR will be merged, the concept of "root" user doesn't exist anymore. There is just (admin) users, period. As @BenjaminEHowe mention, we could imagine adding a rights management system (ACL, RBAC, etc...) in the futur, but this is totally out of scope of this PR. As you know, it's already a big change and so I would like to keep things as simple as possible. Anyway, thanks for your question, it's a pleasure to work with invested people 😍 |
@CommanderStorm @louislam So now we have many unit tests! What is the next step? |
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as spam.
@M1CK431 Currently, our pipeline is quite blocked with getting the |
Thanks for your reply @CommanderStorm.
I think I'm not too demanding: this PR is open since august...
Thanks, so perhaps @chakflying could reply to my question? |
|
This PR is proposed on v1.x series.
Sorry, I can't agree with that. The current situation in real world use case is that the only possible account is shared between multiple users. With the changes I made, the situation is exactly the same regarding changes propagations, outdated data, etc... except that each users is connected with it's own account. Consequently there is absolutely no extra work needed.
Yes, I'm myself a person with (very few) free time. Because of that, I don't want to waste my time to rebase/resolve conflits again and again. That's why I ask first a review by a maintainer which as the power to say "ok, this code is good, just rebase/resolve conflits and I will merge it". Are you this one @chakflying ? |
|
Ok things are clear now: this PR will never be merged.
Currently, when 2 people works at the same time on the same monitor (which is a very corner case in real world), things works perfectly: the last save overwrite the DB content. Expected behavior, right? My changes doesn't impact that in any way. For any other changes, well there is WS for that and I have tested it myself when I was working on that feature: no problem. In addition, I'm using my patched version in production since months, without any issue.
Considering the fact that this PR will never be merged, I guess there is no more attention to pay at all... 😭 Anyway, thanks for the time you spent replying me 😘 |
d0b68d9
to
b4d062c
Compare
Hi @louislam @CommanderStorm @chakflying 👋🏼 Also I notice (with joy!) that this feature is now part of milestone 2.1.0 and that milestone 2.0.0 is almost reaching the end (96%). Now waiting a little sign from your side to finalize and merge that work 😘 EDIT: I update it again mainly to please new linter rules. However there are still some "strange" errors (for ex: complaint about JSDoc optional params default values 🤷🏼♂️, complaint about Cypress related keywords...). I'm not sure about that so I keep them as is for now. Would be happy to have explanation through. |
ad4ffec
to
f192f4f
Compare
@M1CK431 cypress is dropped in 2.0.0 that's why the check-liner run fails |
Ok thanks. So I should remove all test related files from this PR, right @Zaid-maker ? |
Convert them to playwright testing instead if it's OK for you |
I don't know how to do this. The cypress tests existing in this PR was done by @Rovel. |
9d04fb8
to
b480647
Compare
@Zaid-maker I just remove the cypress tests files. There are still a few linter errors related to:
I don't understand why this linter rule even exist since an optional parameter often have a default value. Developers probably want to knows about that default value to determine if a different value is needed depending of the use case 🤔 |
If its exist maybe it's for good cause, still wait for Louis to review the PR, or maybe I could look into the issue when I get free |
b480647
to
5a16af4
Compare
If needed, I may try to add permissions system after, when this PR will be merged. It can be a game-changer for large structures (in my use case). |
@M1CK431 @chakflying @CommanderStorm in this pr multiple user support changes are done. could we add below changes. it would helpful to everyone
|
@vishalsabhaya The tenant aspect may be handled by the permissions system. A "brainstorm" will be made in a dedicated issue when this PR will be finished. Regarding saving non-login users, I'm not sure of what you're talking about (I'm not mentionned, so maybe others will understand), but I don't know what is the link between this and the PR (like this PR is to add several users, but you mention storing non-login users). |
Hi @vishalsabhaya , Please refer to this comment to understand why nothing will be added in this PR. |
Thank you for sharing information regarding permission. Consider there is several big departments. each department & management is isolated to each other. infrastructure is common but management person is different. so by considering this. we can include tenant. of course permission set also required. why should we not include both? we already change all query. it will be simple change by adding tenant_id & data migration script for tenant. I can contribute if you all agree. Regarding saving non-login users. i am using uptimerobot. there you can create contacts like email, mobile no. if login is allow then it will consider mail for login. it will very useful for notify existing contact. |
@vishalsabhaya I saved your comment for when I'll work on the permissions system. I think it's better not having several PRs on the same topic to avoid merge conflicts as much as possible, but the tenant system is interesting and could indeed be used to have a simplier team management. As I said previously, permissions will be a topic we'll need to discuss before working on it, several things must be set before. Therefore, it's too early to clearly define specs without having a global vision, but as I said previously, an issue by me will be created after this PR approbation! |
@Ionys320 |
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma
Tick the checkbox if you understand [x]:
Description
Add a very basic multiple admin users support.
ℹ️ This PR is already reviewed by @CommanderStorm and @chakflying (at least partially for the later). I really would like to thanks them a lot for help and advises while on boarding a new contributor. It was a pleasure to work with them 🤗
Fixes #128 (in a very basic/partial way)
Per commit review hugely recommended due to this PR size. I really take care about git commits history to easy the review for @louislam
Type of change
Checklist
(including JSDoc for methods)
Screenshots (if any)
Users list:
Confirm modal on disabling user:
Add an admin account:
Edit an admin account: