Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bulk Update Connection Request Button Security #5525

Closed
1 task done
mkinyon opened this issue Jul 20, 2023 · 0 comments
Closed
1 task done

Bulk Update Connection Request Button Security #5525

mkinyon opened this issue Jul 20, 2023 · 0 comments
Labels
Fixed in v16.0

Comments

@mkinyon
Copy link
Contributor

mkinyon commented Jul 20, 2023

Please go through all the tasks below

  • Check this box only after you have successfully completed both the above tasks

Please provide a brief description of the problem. Please do not forget to attach the relevant screenshots from your side.

The Bulk Update Connection Requests grid action has some strange view security behavior. The button looks at the /LaunchWorkflow/0 page to determine security.

image

Instead, it should get security permissions from the Connection Requests Bulk Update page.
image

Expected Behavior

Security should be determine by the Connection Requests Bulk Update page.

Actual Behavior

Security is determine by the Launch Workflow page.

Steps to Reproduce

This can be reproduced by logging in as someone who doesn't have view rights to the Launch Workflow page and then go look at the connection request board page.

Rock Version

v14.3, develop

Client Culture Setting

en-US
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Fixed in v16.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkinyon @MrUpsideDown