Display and User/Group Security

Asked by Jon H

Using Xibo 1.2, I have created two users (joetest and randomuser).

I have one display and I have set the Group Security so that joetest is the only member.

If I log in as randomuser, I can 1) still see the display and 2) edit the display in any way I want.

Obviously I'd like to limit who has access to what displays. Am I doing this wrong, or is there an issue?

Thanks

Question information

Language: English
Status: Solved
For: Xibo
Assignee: No assignee
Solved by: Alex Harrington
Alex Harrington (alexharrington) said :
#1

Is randomuser an admin?

Are you certain that random user (or a group randomuser is in) isn't
also assigned to that display?

Jon H (jrhughes) said :
#2

Randomuser is listed as a 'User' (not a Group Admin or Super Admin)

The only 'Members' of that display is joetest.
Users, randomuser, and a test group I made are all listed as 'Non-Members'.

Alex Harrington (alexharrington) said :
#3

I've just set up a test as you describe with two users on 1.2.0 and it
works as I would expect.

Perhaps you could post some screenshots showing all the dialogs or, if
the server is accessible from the internet, email me an admin
account/password to <email address hidden>

Alex

Jon H (jrhughes) said :
#4

The server isn't accessible from the outside world, so sadly I can't do that.
I did take a screenshot showing the permissions on the display, as well as the permissions on the two users.
http://img143.imageshack.us/img143/2593/xibouserpermissions.png

Hope that helps out.

Alex Harrington (alexharrington) said :
#5

In that case I'll need a backup of your database to see what is happening as I can't replicate it here.

Alex

Jon H (jrhughes) said :
#6

Once again I'm coming back to this issue (I've been swamped and unable to further test Xibo until this week). I recreated my server from scratch, followed the instructions on the wiki and I've run into this problem again.

Everyone has access to all Displays, regardless of permissions. Right now it's TestUser and Joe, with TestUser being the only one with access/permissions to a display. Yet Joe can come in and change the display.

If you're still willing to take a look at this, what would you need from me (and how would I do that...I'm somewhat of a newbie to SQL stuff).

Thanks
Jon

Alex Harrington (alexharrington) said :
#7

Check the permissions on the display itself, not the groups it's a member of.

Failing that, it's probably easiest if you can take a backup of your database and send it to <email address hidden> along with whatever scenario you want to implement.

Alex

Best Alex Harrington (alexharrington) said :
#8

Right. I think I understand what's happening now.

Management of displays is an administrator function. We don't intend for normal users to have access to the display management page. All the display security settings do is allow control of the display or display group in the scheduler.

What's intended is that you, the administrator, set up the two displays with a suitable default layout (say your institution's logo) so that if nothing is scheduled there's something to display.

Then your two users schedule content on to the displays that overrides your default - that's where the permissions on displays come in. You don't want to allow them access to the management menu or display management page at all.

Alex

Jon H (jrhughes) said :
#9

Head, meet desk.

Thank you, I knew this was something simple, just a misunderstanding of how things worked. Thanks a bunch for your help, this just saved me a lot of hassle.

I promise I'll be back with more questions :)

Jon

Jon H (jrhughes) said :
#10

Thanks Alex Harrington, that solved my question.

Alex Harrington (alexharrington) said :
#11

No problem. It's an interesting use case and not something we'd envisaged.

Dan and I have a meeting coming up shortly and we'll discuss this to see if we want to make changes as a result.

Cheers

Alex