Forum .LRN Q&A: dotlrn-admin priviledges are not revoked

Hi,

When removing users from the 'dotlrn-admin' group (http://yourserver/dotlrn/admin/dotlrn-admins), the privileges to admin the dotlrn main package are not removed.

The user is removed from the 'dotlrn-admin' group but still has perm to admin dotlrn.

Collapse
Posted by Emmanuelle Raffenne on
It appears that's not a dotlrn bug but a core one. The script to add a dotlrn admin (packages/dotlrn/www/admin/admin-add-2.tcl) does:

group::add_member -group_id $group_id -user_id $user_id

and the one to remove (packages/dotlrn/www/admin/admin-remove.tcl):

group::remove_member -group_id $group_id -user_id $user_id

It looks like the user is removed from the group but permissions on child objects are not removed or something like that.

Collapse
Posted by Dave Bauer on
Could be a core bug, or a misunderstanding of core APIs by dotlrn.

We should look into this. Thanks for the reports.

Collapse
Posted by Emmanuelle Raffenne on
Hi all,

Finally, this was a bug in acs-subsite/tcl/group-procs.tcl (group::remove_member) that has been introduced in OpenACS version 5.4 (dotLRN version 2.4).

I have committed a fix at oacs-5-5 branch and HEAD.

Thanks to Michael who didn't stop until he found where the bug was.