Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
User Query and Change User as a result Ingores User Permission
See original GitHub issueDescription of the issue
Even if a User does not have rights to list other users in the system, they still can do it by using “Change User” dialog in My Profile section.
Context information (for bug reports)
Output of bench version
(paste here)
Steps to reproduce the issue
- Login using a user with no User doctype permission
- Go to My Profile
- Click on Change User
Observed result
Expected result
Stacktrace / full error message
(paste here)
Additional information
OS version / distribution, Frappe install method, etc.
Issue Analytics
- State:
- Created a year ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Add, edit, and delete users and user groups - Analytics Help
Manage the list of users who have access to your Analytics account. ... You can change the level of access and permissions for...
Read more >25 Managing User Privileges and Roles - Oracle Help Center
This chapter explains how to use privileges and roles to control access to schema objects and to control the ability to execute system...
Read more >Set privacy levels (Power Query) - Microsoft Support
Set privacy levels (Power Query) ... Privacy levels are critical to configure correctly so that sensitive data is only viewed by authorized users....
Read more >“View All” and “Modify All” Permissions Overview
The “View All” and “Modify All” permissions ignore sharing rules and settings, ... View and Edit Login Hours in the Enhanced Profile User...
Read more >What You Need to Know to Manage Users in Django Admin
For example, the name of the permission to change a user is auth.change_user . ... In Django apps, the user is usually obtained...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
This is probably because User has “Select” permission on “User” doctype. Nothing specific is being done for “My profile” page, it behaves just like any another link field.
And even if I explicitly add a permission setting for the concerned Role and User doctype and not select the “Select” checkbox, nothing happens and User still has select permission