Hide invalid edit button #2814
Comments
Hello! I would be happy to take this on. I have some questions, though, that would need clarification. Disclaimer: I am new to this open source project & Clojure but want to learn! After taking some time to dig into the roles within the system I noticed that there are In the current implementation of the catalogue item list all buttons are shown which are View, Edit, Enable, and Archive. This is due to a check occurring that allows these buttons to be shown if the user is has Going off the initial spec of hiding the Edit button from users who are not owners of that catalogue item, should we also hide Enable and Archive from those users as well? If not, should any organization owner have the ability to Enable or Archive a catalogue item? I would think a user can only do that iff the catalogue item belongs to the organization they are an owner of or if the user is the owner of that catalogue item. I can achieve the intended result of hiding the Edit button by wrapping the edit button with please correct me if I am wrong in any of my assumptions above. I appreciate the guidance and look forward to making a pull request for this.
Hello! So an As a side-note, the You are well on the right path. For the A pure role-level check is not going to be enough for the You are correct that it would be nice to have Enable and Archive there as well. P.S. Here is a useful page that is autogenerated from the domain. It lists which sort of things are possible for which user. Unfortunately these are only for application handling, and not for the domain objects. https://github.com/CSCfi/rems/blob/master/docs/application-permissions.md
@Macroz thanks a ton for the detailed response to my, perhaps annoying, questions! I started to dig and work on a solution last night to check if the user matches their owned organizations and will use your suggestion to look at I should be able to have a PR up by next week!
I think we could still improve with the buttons on the details page so I have updated this issue and reopened it.
We should hide the edit button from the organization owner if the catalogue item etc. is not theirs to edit. They can access the page and get an error from the API at the moment.