No restriction on segments created by super user in Piwik2.0


#1

Hi Matt,

Good to post a message here.

Concern is like there is no restriction on segments created by super user when enabled for all users from Piwik2.0 and so loggedin users other than super-user can update or delete superuser created segments as per their requirement, which will disable the segments for him & other users as well because $enabledAllUsers will be set as false in DB when SegmentEditor:update() is invoked.

In Piwik1.12, this was restricted. It would be better if the same is restricted in Piwik2.0,
Snippet in /piwik/plugins/SegmentEditor/API.php in method get($segment) should be commented as,
try {

      //  if (!$segment['enable_all_users']) {
            Piwik::checkUserIsSuperUserOrTheUser($segment['login']);
      //  }

    } catch (Exception $e) {
        throw new Exception("You can only edit the custom segments you have created yourself. This segment was created and 'shared with you' by the Super User. " .
            "To modify this segment, you can first create a new one by clicking on 'Add new segment'. Then you can customize the segment's definition.");
    }

Or kindly let me know if this restriction would have been removed more as a feature in Piwik2.0 but this will not be a better solution I guess.

Pls suggest.


(Matthieu Aubry) #2

can you upgrade to the latest piwik 2.8.0 beta and then explain how to reproduce the problem? ie. list list of steps and what you expect VS what you get?


#3

Thanks Matt,

Restriction is added in Piwik2.8 beta2 :slight_smile: