Add information about risks associated with giving super user access …

…to a user (#22554) (#22589)

* Add information about risks associated with giving super user access to a user

* Update risks to allow ActivityLog plugin upsell and link to it when activated

* Update UI test screenshots

* Add UI tests with ActivityLog and without Marketplace

* Tweak UI test spec

* Update UI test screenshots

* Update UI test screenshots from CI run

* Ensure to reload the user manager page after changing plugins config

* Reset modal confirmation UI test screenshot

* Use the same modal screenshot approach as used elsewhere in the suite

plugins/UsersManager/Controller.php

@@ -52,6 +52,11 @@ class Controller extends ControllerAdmin
      */
     private $passwordVerify;
 
+    /**
+     * @var Plugin\Manager
+     */
+    private $pluginManager;
+
     /**
      * @var Model
      */
@@ -62,6 +67,7 @@ public function __construct(Translator $translator, PasswordVerifier $passwordVe
         $this->translator = $translator;
         $this->passwordVerify = $passwordVerify;
         $this->userModel = $userModel;
+        $this->pluginManager = Plugin\Manager::getInstance();
 
         parent::__construct();
     }
@@ -131,6 +137,8 @@ public function index()
             $view->filterAccessLevels[] = $capabilityEntry;
         }
 
+        $view->activatedPlugins = $this->pluginManager->getActivatedPlugins();
+
         $this->setBasicVariablesView($view);
 
         return $view->render();

plugins/UsersManager/UsersManager.php

@@ -389,7 +389,19 @@ public function getClientSideTranslationKeys(&$translationKeys)
         $translationKeys[] = 'UsersManager_Status';
         $translationKeys[] = 'UsersManager_SuperUserAccess';
         $translationKeys[] = 'UsersManager_SuperUserIntro1';
+        $translationKeys[] = 'UsersManager_SuperUserIntro1WithoutMarketplace';
         $translationKeys[] = 'UsersManager_SuperUserIntro2';
+        $translationKeys[] = 'UsersManager_SuperUserIntro3';
+        $translationKeys[] = 'UsersManager_SuperUserRiskData';
+        $translationKeys[] = 'UsersManager_SuperUserRiskSecurity';
+        $translationKeys[] = 'UsersManager_SuperUserRiskMisconfiguration';
+        $translationKeys[] = 'UsersManager_SuperUserRiskUserManagement';
+        $translationKeys[] = 'UsersManager_SuperUserRiskServiceDisruption';
+        $translationKeys[] = 'UsersManager_SuperUserRiskMarketplace';
+        $translationKeys[] = 'UsersManager_SuperUserRiskAccountability';
+        $translationKeys[] = 'UsersManager_SuperUserRiskAccountabilityCheckActivityLog';
+        $translationKeys[] = 'UsersManager_SuperUserRiskAccountabilityGetActivityLogPlugin';
+        $translationKeys[] = 'UsersManager_SuperUserRiskCompliance';
         $translationKeys[] = 'UsersManager_SuperUsersPermissionsNotice';
         $translationKeys[] = 'UsersManager_TheDisplayedUsersAreSelected';
         $translationKeys[] = 'UsersManager_TheDisplayedWebsitesAreSelected';

plugins/UsersManager/lang/en.json

@@ -154,7 +154,19 @@
         "FirstSiteInlineHelp": "It is required to give a new user a view role for a website upon creation. If no access is given, the user will see an error when logging in. You can give more permissions after the user is created in the 'Permissions' tab that will appear on the left.",
         "SuperUsersPermissionsNotice": "Super users have admin access to all websites, so there's no need to manage their permissions per website.",
         "SuperUserIntro1": "Super users have the highest permissions. They can perform all administrative tasks such as adding new websites to monitor, adding users, changing user permissions, activating and deactivating plugins and even installing new plugins from the Marketplace. You can grant Super User access to other users here.",
+        "SuperUserIntro1WithoutMarketplace": "Super users have the highest permissions. They can perform all administrative tasks such as adding new websites to monitor, adding users, changing user permissions and activating and deactivating plugins. You can grant Super User access to other users here.",
         "SuperUserIntro2": "Please use this feature carefully.",
+        "SuperUserIntro3": "Potential risks are:",
+        "SuperUserRiskData": "%1$sData loss%2$s - super users can delete data, websites, or users. Mistakes or malicious actions could result in the irreversible loss of critical analytics data.",
+        "SuperUserRiskSecurity": "%1$sSecurity%2$s - super users can modify settings. Making incorrect configurations could introduce security vulnerabilities or lead to disruption of services.",
+        "SuperUserRiskMisconfiguration": "%1$sMisconfiguration%2$s - super users can alter system-wide settings, including those that affect performance, tracking, and data collection.",
+        "SuperUserRiskUserManagement": "%1$sUser management%2$s - super users can change or revoke permissions for other users, change their passwords or reset their two-factor authentication. This could lead to unauthorized access, user impersonation or prevent legitimate users from accessing the system.",
+        "SuperUserRiskServiceDisruption": "%1$sService disruption%2$s - super users have the ability to deactivate functionalities. This could lead to unintended downtime or disruption of services, affecting data collection and reporting.",
+        "SuperUserRiskMarketplace": "%1$sMarketplace%2$s - super users can purchase and install plugins from the Marketplace, potentially leading to unapproved expenditures or the introduction of unwanted features.",
+        "SuperUserRiskAccountability": "%1$sAccountability%2$s - Actions taken by super users might be difficult to trace if not properly audited, leading to challenges in accountability and troubleshooting issues.",
+        "SuperUserRiskAccountabilityCheckActivityLog": "View %1$srecent activity%2$s.",
+        "SuperUserRiskAccountabilityGetActivityLogPlugin": "Consider installing the %1$sActivity Log plugin%2$s that lets you quickly review the actions performed by members of your organization or clients in your Matomo.",
+        "SuperUserRiskCompliance": "%1$sCompliance%2$s - By having full access, super users might inadvertently violate data protection regulations, especially if they export or share data without proper oversight.",
         "HasSuperUserAccess": "Has Superuser Access",
         "AreYouSure": "Are you sure?",
         "RemoveSuperuserAccessConfirm": "Removing superuser access will leave the user with no permissions (you will have to add them afterwards).",

plugins/UsersManager/templates/index.twig

@@ -12,6 +12,7 @@
     access-levels="{{ accessLevels|json_encode }}"
     filter-access-levels="{{ filterAccessLevels|json_encode }}"
     filter-status-levels="{{ statusAccessLevels|json_encode }}"
+    activated-plugins="{{ activatedPlugins|json_encode }}"
 >
 </div>
 

plugins/UsersManager/tests/UI/UsersManager_spec.js

@@ -475,10 +475,10 @@ describe("UsersManager", function () {
 
     it('should show superuser confirm modal when the superuser toggle is clicked', async function () {
         await page.click('.userEditForm #superuser_access+span');
-        await page.waitForSelector('.modal.open');
+        const elem = await page.$('.modal.open');
         await page.waitForTimeout(500);
 
-        expect(await page.screenshotSelector('.modal.open')).to.matchImage('superuser_confirm');
+        expect(await elem.screenshot()).to.matchImage('superuser_confirm');
     });
 
     it('should fail to set superuser access if password is wrong', async function () {
@@ -518,7 +518,49 @@ describe("UsersManager", function () {
         expect(await page.screenshotSelector('.usersManager')).to.matchImage('manage_users_back');
     });
 
+    it('should display the superuser access tab when the superuser tab is clicked with ActivityLog', async function () {
+      testEnvironment.pluginsToLoad = ['ActivityLog'];
+      await testEnvironment.save();
+
+      await page.reload();
+      await page.waitForTimeout(100);
+
+      await (await page.jQuery('button.edituser:eq(0)', { waitFor: true })).click();
+      await page.waitForTimeout(250);
+      await page.waitForNetworkIdle();
+
+      await page.click('.userEditForm .menuSuperuser');
+      await page.mouse.move(0, 0);
+      await page.waitForTimeout(100);
+
+      expect(await page.screenshotSelector('.usersManager')).to.matchImage('superuser_tab_activityLog');
+    });
+
+    it('should display the superuser access tab when the superuser tab is clicked without Marketplace', async function () {
+      testEnvironment.pluginsToUnload = ['ActivityLog', 'Marketplace'];
+      await testEnvironment.save();
+
+      await page.reload();
+      await page.waitForTimeout(100);
+
+      await (await page.jQuery('button.edituser:eq(0)', { waitFor: true })).click();
+      await page.waitForTimeout(250);
+      await page.waitForNetworkIdle();
+
+      await page.click('.userEditForm .menuSuperuser');
+      await page.mouse.move(0, 0);
+      await page.waitForTimeout(100);
+
+      testEnvironment.pluginsToLoad = ['Marketplace'];
+      await testEnvironment.save();
+
+      expect(await page.screenshotSelector('.usersManager')).to.matchImage('superuser_tab_no_marketplace');
+    });
+
     it('should show the edit user form when the edit icon in a row is clicked', async function () {
+        await page.reload();
+        await page.waitForTimeout(100);
+
         await (await page.jQuery('button.edituser:eq(2)', { waitFor: true })).click();
         await page.waitForTimeout(250);
         await page.waitForNetworkIdle();