User with Staff role can approve contracts #3736
Conversation
frjo
changed the title
|
ARDC had an issue with this. A user with contracting + staff role was not allowed to approve contracts. I think it should be ok to let any user with staff role approve contracts. |
| @@ -34,7 +34,7 @@ def can_approve_contract(user, project, **kwargs): | |||
| if not user.is_authenticated: | |||
| return False, "Login Required" | |||
|
|
|||
| if user.is_apply_staff and not user.is_contracting and not user.is_applicant: | |||
| if user.is_apply_staff: | |||
| return True, "Only Staff can approve the contract" | |||
There was a problem hiding this comment.
If removing is_applicant then maybe ensure that the user approving is not applicant or partner on the project? I am assuming it's going be rare but just thinking around least privilege point of view.
frjo
force-pushed
the
fix/logic_in_can_approve_contract
branch
from
2090c62
to
a1727e7
Compare
There was a problem hiding this comment.
Back then it was the requirement to hide it from Staff+contracting role because the user with Staff + contracting role can upload the contract and also can approve the contract but as of now, we have provided an option of uploading the contract to the staff as well so I think it is good to loosen up the approve permission as well.
frjo
changed the title
frjo
added
Type: Enhancement
* main: User with Staff role can approve contracts (#3736) Add server side previews to the application workflow (#3725) Move cookieconsent settings to generic settings (#3722) Remove public "standard_pages" app (#3721) Remove public "funds" app (#3720) Update github actions. (#3740) Remove public "forms" pages app (#3719) Remove public "projects" app (#3718) Remove "people" app (#3739) Remove public "partners" app (#3716)
Fixes #3735