mahara-contributors team mailing list archive

Thread
Date

[Bug 1606101] Re: LDAP user sync using root ID to suspend users

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1606101@xxxxxxxxxxxxxxxxxx>
Date: Mon, 25 Jul 2016 05:41:35 -0000
Reply-to: Bug 1606101 <1606101@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Abandoned patch 6750 after discussing it with Ghada, who has convinced
me that putting an invalid user ID in that column creates too many
potential bugs.

So right now our options are:

1. Arbitrarily pick one of the site admin users, and use their ID as the
suspendedcusr.

2. Locate every place that checks (bool) usr.suspendedcusr, and change
it to check (bool) usr.suspendedctime instead.

Option 1 is easier, but it has the nasty side effect that, well, we're
arbitrarily picking one admin user and very rarely using them as the
suspendedcusr. The name of that admin user is included in the message
that gets sent to the suspended user, and so depending on how things are
set up in that site, this could cause confusion. (Like, "Why did Tony
suspend me?").

Option 2 would be cleaner. Or better yet, add a "usr.suspended" column,
which is 0 or 1, and check that instead. That would prevent future devs
from accidentally going back to relying on suspendedcusr. But the
downside to 2, is that suspendedcusr shows up 27 different times
throughout the code, and sometimes does double-duty as a boolean and as
the ID of the suspending user, in ways that may be tricky to debug and
test. So maybe, since the LDAP sync is the only way this situation comes
up, it would be best to just stick with the low-effort Option 1?

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1606101

Title:
LDAP user sync using root ID to suspend users

Status in Mahara:
In Progress

Bug description:
Mahara: 16.04.2
DB: Postgres
OS: Linux

There is a bug with the LDAP sync when it is suspending users:
htdocs/auth/ldap/cli/sync_users.php

The user that is running the cron LDAP sync job is 'root' - has an ID
of 0.

Mahara updates the suspended user record with the userid that is doing
the suspending (i.e. suspendedcusr = 0).

When validating if a user record is suspended, we check if the
suspending user id is empty. Because the suspending user ID is '0', it
thinks that to the suspended user is not suspended - when they should
be suspended.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1606101/+subscriptions

References

[Bug 1606101] [NEW] LDAP user sync using root ID to suspend users
From: Ghada El-Zoghbi, 2016-07-25