[rt-users] unprivileged users need to log in twice
Kevin Falcone
falcone at bestpractical.com
Wed Dec 9 16:49:14 EST 2009
On Wed, Dec 09, 2009 at 12:26:53PM -0800, David Griffith wrote:
> On Wed, 9 Dec 2009, Kevin Falcone wrote:
>
> > On Wed, Dec 09, 2009 at 11:40:32AM -0800, David Griffith wrote:
> >> Go to http://foobar.com/rt and you see the RT login screen. Login as an
> >> unprivileged user (Alice). The username and password field will blank
> >> out. Type in Alice's username and password again, and you'll be logged in
> >> as Alice. That's the first part of the bug.
> >
> > What happens at http://foobar.com/rt/ vs /rt
> > Also, what is your URL after the initial failed login?
>
> Trailing slash makes no difference. The URL after initial failed login is
> http://foobar.com/rt/SelfService/
>
> >> The second part is when you type in the username-password the second
> >> time. If at that point you attempt to log in as a privileged user,
> >> you'll log in, but your permissions are that of an unprivileged user.
> >
> > This sounds like the initial login worked enough to get you redirected
> > to /rt/SelfService/ which would certainly make it appear that you're
> > an unprivileged user when you then log in as Bob (the privileged user)
>
> I see. Any ideas of what's going on?
Not without further digging, but at least we've explained the
unprivileged rights issue.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20091209/8a24121d/attachment.sig>
More information about the rt-users
mailing list