alextxm Posted June 23, 2013 Report Share Posted June 23, 2013 Hi all, I'm haing some problems with webui: i've assigned different permissions to the plastic server repositories but webui seems unable to correctly handle them. it seems webui "loads" permissions not the effective user logged in but for the first one who logs in. Example: permissions: repoA: user1=all user2=none repoB: user1=all user2=all repoC: user1=all user2=noneExpected result: user1: sees all repositories user2: only sees repoB actual result: logging in with user1: all repositories then logging in with user2: all repositories reset the appliction pool and restart the website logging in with user2: repoB logging in with user1: repoB that's pretty weird.Is there anyone else experiencing this?The webserver is IIS8 on WindowsServer2012, plastic is the 4.1.10.447 release confiured in UPWorkingMode.Thank you Alessandro Link to comment Share on other sites More sharing options...
alextxm Posted June 24, 2013 Author Report Share Posted June 24, 2013 @PlasticSCM team... is there anyone? Link to comment Share on other sites More sharing options...
calbzam Posted June 26, 2013 Report Share Posted June 26, 2013 Hi @alextxm, Thanks for reporting, I´m going to try to reproduce the issue. Regards, Carlos Link to comment Share on other sites More sharing options...
alextxm Posted June 29, 2013 Author Report Share Posted June 29, 2013 hi @calbzam, have you been able to replicate the issue on your side ?do you have any news on it ? i'd like to use webui but due to this bug it is pretty unusable in team.Thank you Alessandro Link to comment Share on other sites More sharing options...
calbzam Posted July 1, 2013 Report Share Posted July 1, 2013 Hi, Yes, we have detected and fixed the problem. The fixed version will be released very soon Regards, Carlos Link to comment Share on other sites More sharing options...
alextxm Posted July 2, 2013 Author Report Share Posted July 2, 2013 Thank you for the great news can't wait for the next release!Alessandro Link to comment Share on other sites More sharing options...
manu Posted July 3, 2013 Report Share Posted July 3, 2013 The release will be ready today Link to comment Share on other sites More sharing options...
SilverKnight Posted July 18, 2013 Report Share Posted July 18, 2013 Where can we see the WebUI release notes? I thought this problem was related to another that I had, so I downloaded 4.1.10.457 web-frontend (July 8th) which was supposed to have the auth fix in it. However, I'm still seeing an issue. I've also just tried the 4.1.10.463 version. Looking at https://www.plasticscm.com/download/releasenotes.aspx, the last WebUI item listed was from External Release 4.1.10.376 (Nov 29th 2012) Was the auth code fixed on/after July 3rd 2013? What version was that? 457? - but no notes in the 457 external release? What I'm experiencing is that with Plastic setup for AD/LDAP auth, that I can log into WeebUI with ANY password, and it shows I'm logged in, and presents the choose repository list. Everything appears to be completely functional - even though it should NOT be functional, since I didn't actually provide the correct password to log in (my AD credentials) This is in the Web.Config <appSettings> <add key="Language" value="en" /> <add key="SEIDWorkingMode" value="ADWorkingMode" /> <add key="Server" value="Plastic01.gohealthcast.com:8087" /> <add key="IdleProcessUser" value="build" /> <add key="IdleProcessPassword" value="********************" /> <add key="LogRequestTime" value="false" /> </appSettings> Is the Web UI actually using the IdleProcessUser for all connections to the plastic server for viewing data? Link to comment Share on other sites More sharing options...
calbzam Posted July 19, 2013 Report Share Posted July 19, 2013 Hi,If you check release notes for: External Release 4.1.10.457 (Jul 02nd 2013): https://www.plasticscm.com/download/releasenotes.aspx: --> Bug Web UI: After logout and log in again with other user, permissions were not correctly applied. Fixed.This is the issue we fxed in the release.When you configure Web UI in the IIS side, if you enter wrong user password and open Web UI in the client side and enter fine user and password, you will be able to see all the items, changesets...The creadentials you enter in the client side allow you to see this information. But you will not be able to see the stadistics (Charts)Web UI is not using the IdleProcessUser for all connections to the plastic server for viewing data. This uses is necessary to connect to the server and generate the charts.Regards,Carlos Link to comment Share on other sites More sharing options...
SilverKnight Posted July 24, 2013 Report Share Posted July 24, 2013 Ok, well, it seems like there is still some sort of auth problem then, unless I didn't successfully (or correctly) upgrade the necessary components. Is there an upgrade document that shows how to do that? I just downloaded the latest version 4.1.10.463 - and unzipped the bin directory over the current version I had (no other files appeared to have changed date/time) If that is not sufficient to upgrade, then after getting the correct procedures, I'll re-test - however, if that is sufficient, then there still looks like there is a problem. In my scenario: I stopped and restarted the server, and was the ONLY user logging in - I purposly gave it a valid name, but INVALID password from the log-in page. I logged in using my username and a bad password and was still able to access everything, including charts, change set/history, repository browsing, etc. Instead, (ideally) I should have not made it past the log-in page, and should have been told the account or passward was invalid. Could that have been caused by browser caching? I believe I was "logged out" prior to the server-IIS restart. The whole reason I posted in this thread is that I thought I was experiencing the same issue, where the first time login I provided correct credentials, but then on the second, provided incorrect ones - hoping it would be fixed - but for me, the problem remains. Is there some sort of logging I can turn on that will show the results of an auth attempt? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.