Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MODX 3.1.0 setup crashes if modUserGroupRole authority levels are not unique #16669

Open
BobRay opened this issue Dec 27, 2024 · 2 comments
Open

MODX 3.1.0 setup crashes if modUserGroupRole authority levels are not unique #16669

BobRay opened this issue Dec 27, 2024 · 2 comments
Labels
bug The issue in the code or project, which should be addressed.

Comments

@BobRay
Copy link
Contributor

BobRay commented Dec 27, 2024
edited
Loading

Bug report

Summary

I modUserGroupRole authority levels are not unique, setup crashes with this message:

"Multiple modUserGroup records with the same authority were found"

Step to reproduce

Create modUserGroup records with the same authority value
Run setup.

I assume this is the result of this change:

"Make authority a unique index on modUserGroupRole (#16587)"

First of all, I think the message is incorrect since it refers to modUserGroup records rather than modUserGroupRole records. The modUserGroup table has no authority field.

More important, I can't think of any reason for requiring unique authority levels.

I often use the same authority level for multiple user group roles. When users need different permissions, I put them in different user groups rather then giving them different authority levels. IMO, doing so makes it much easier to diagnose permission problems. I can't think of any harm that would be caused by having duplicate authority levels.

It also seems unreasonable to make current users edit their existing authority values in order to upgrade MODX, or to force them to make sure their authority levels are all unique. When you try to create a new role that uses an existing authority level, you get this message: role_err_save, and there's nothing in the description of the authority field that says the value has to be unique.
@BobRay BobRay added the bug The issue in the code or project, which should be addressed. label Dec 27, 2024
@BobRay BobRay changed the title MODX 3.1.0 setup crashes is modUserGroupRole authority levels are not unique MODX 3.1.0 setup crashes if modUserGroupRole authority levels are not unique Dec 27, 2024
@opengeek
Copy link
Member

The authority of a modUserGroupRole MUST be unique because that is the only reference back to a modUserGroupRole from any ACL record. This SHOULD have always been true, but seems to have been an oversight. There is no reason I can think of to have multiple modUserGroupRoles with the same authority. A "member" with authority of 9999 can be reused on every modUserGroup if you do not need different authority levels within a single group. This was a conscious decision, and the easiest way to resolve a problem in managing ACLs when authority values that were not unique were used to create the ACLs.

@BobRay
Copy link
Contributor Author

BobRay commented Jan 3, 2025

Fair enough. It did catch me by surprise on several sites. Still, the message needs to be corrected, possibly earlier in the process, showing the correct object name. And, I'd suggest giving a little more information about how to fix things so the use can complete the upgrade.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue in the code or project, which should be addressed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@opengeek @BobRay