Fixes #13935 - Adjust permissions to promote a version #6536
Conversation
:promote_or_remove_content_views permission (on ContentView resource) is not enough for non-admin users to promote a content view, they need :promote_or_remove_content_views_to_environments (on KTEnvironment resource) as well. I think the former can work on its own and the latter can be removed.
|
@xprazak2, thanks for your PR! By analyzing the history of the files in this pull request, we identified @jlsherrill, @ehelms and @waldenraines to be potential reviewers. |
|
[test] |
|
@xprazak2 I'm not sure i agree that the one permission should be sufficient. The idea being that some junior admin may be able to publish and promote some views to QE, but not to production. Only a senior admin should be able to promote to production. This would require these two permissions. Thoughts? |
|
It seemed to me like you needed both permissions to promote to any environment. I was not able to promote anything running as non-admin with only :promote_or_remove_content_views. Maybe I missed how we add permissions to individual environments. I will take another look at it. |
|
@xprazak2 correct, the way it is designed is that both permissions are required. Otherwise there would be no way to restrict both which content views a user could promote, and which lifecycle environments that user could promote to, right? |
|
Right, that makes sense. If it is by design then I think we can close this and I will raise an issue with the docs so there are no confusions in the future. |
|
closing thanks @xprazak2 ! |
:promote_or_remove_content_views permission (on ContentView resource)
is not enough for non-admin users to promote a content view,
they need :promote_or_remove_content_views_to_environments
(on KTEnvironment resource) as well. I think the former can work on
its own and the latter can be removed.