Administrator's Notes module is showing up for all clients

When I suggested the Administrator's Notes module for VM you didn't lock it so that only the Master Admins can see it. As it is now the notes can be seen by any client that logs in and that's not good when admin share sensitive notes that no one should see but the Master Admin's.

Status: 
Closed (fixed)

Comments

I was wondering about this too, but I came to the conclusion that these were not "notes", but a communication tool to post a notice for clients to see when logging in. However, you are right in that clients see a "save" button that just causes an error.

So either this is indeed a notes feature with the bug you describe, or it's a misnamed notices feature that needs to have the "save" button removed in sub-server accounts, and reformatted to be immutable text rather than looking like something the client can edit.

Craig

This module was suggested by me a couple years ago and what Jamie and I discussed was to use this module to pass master admin notes to other master admins and not everyone as sometimes we pass password changes and such and user/resellers/domain owners are not suppose to see this at all.

Actually, the notes shouldn't be visible to other (non-root) users at all.

Which Virtualmin theme are you using there?

I'm using Authentic.

I'm using VM Framed theme... The admin notes shows up in all themes as a normal user.

Ok, I found the bug that causes this - it will be fixed in the next Virtualmin release.

Status: Active » Fixed

That's good news... when is the next release happening ?

I just saw a update to this module but it's still showing up in non-master admin main frame.

This needs to be fixed as it's unusable and could leak private info between admins.

Sorry, this missed the cut for the 5.01 Virtualmin release - but it will be in 5.02. I can send you a patch if you want a fix sooner though.

Thanks but I have too many servers to patch unless you got a deb file to upgrade the admin notes.

Joe's picture
Submitted by Joe on Mon, 03/21/2016 - 04:39 Pro Licensee

That patch won't be visible (virtualmin/virtualmin is a private repo).

Here it is:

virtual-server/system_info.pl
@@ -614,7 +614,9 @@ sub list_system_info
}

# Sections defined by plugins
-foreach my $p (&list_plugin_sections()) {
+my $level = &master_admin() ? 0 :
+     &reseller_admin() ? 2 : 1;
+foreach my $p (&list_plugin_sections($level)) {
push(@rv, { 'type' => 'html',
    'id' => 'plugin_'.$p->{'name'},
    'desc' => $p->{'title'},

You sure that's correct ??

I added that code and I got a syntax error.

What I have for that section of code is this....

# Sections defined by plugins
foreach my $p (&list_plugin_sections()) {
        push(@rv, { 'type' => 'html',
                    'id' => 'plugin_'.$p->{'name'},
                    'desc' => $p->{'title'},
                    'html' => $p->{'html'},
                    'open' => $p->{'status'} });
        }

never mind -- I didn't paste the change correctly

It works so thanks for fixing this !!

Status: Fixed » Closed (fixed)

Closing ticket