User with Staff role can approve contracts #3736
ARDC had an issue with this. A user with contracting + staff role was not allowed to approve contracts. I think it should be ok to let any user with staff role approve contracts.
@@ -34,7 +34,7 @@ def can_approve_contract(user, project, **kwargs): | |||
if not user.is_authenticated: | |||
return False, "Login Required" | |||
|
|||
if user.is_apply_staff and not user.is_contracting and not user.is_applicant: | |||
if user.is_apply_staff: | |||
return True, "Only Staff can approve the contract" |
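Review bot: The new condition `if user.is_apply_staff:` drops the `not user.is_applicant` guard without replacing it, so a staff account that is also an applicant now passes, and nothing in the visible check ties the approver to `project`. Since `project` is already a parameter of `can_approve_contract`, consider denying approval when the user is the applicant on that specific project instead of removing the exclusion outright; that still lets staff + contracting users approve while blocking self-approval. Separately, the granting branch returns `True` with the message "Only Staff can approve the contract", which reads like a denial reason; a message that describes the grant would be clearer to callers.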
If removing is_applicant then maybe ensure that the user approving is not applicant or partner on the project? I am assuming it's going to be rare but just thinking around least privilege point of view.
Good point.
2090c62 to a1727e7
Back then it was the requirement to hide it from the Staff + contracting role, because a user with the Staff + contracting role can upload the contract and can also approve the contract. But as of now, we have provided an option of uploading the contract to the staff as well, so I think it is good to loosen up the approve permission as well.
* main:
  User with Staff role can approve contracts (#3736)
  Add server side previews to the application workflow (#3725)
  Move cookieconsent settings to generic settings (#3722)
  Remove public "standard_pages" app (#3721)
  Remove public "funds" app (#3720)
  Update github actions. (#3740)
  Remove public "forms" pages app (#3719)
  Remove public "projects" app (#3718)
  Remove "people" app (#3739)
  Remove public "partners" app (#3716)
Fixes #3735