Skip to content

HEEDLS-438 Fix user permissions for course admin fields pages #616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Oct 1, 2021
Merged

HEEDLS-438 Fix user permissions for course admin fields pages #616

merged 15 commits into from
Oct 1, 2021

Conversation

@livzorn
Copy link
Contributor

@livzorn livzorn commented Sep 21, 2021
edited
Loading

JIRA link

HEEDLS-438

Description

Added a check in AdminFieldsController that verifies the user can access the selected course on the following pages: Manage admin fields, Edit admin field, Configure answers in bulk (in edit and add journeys), Remove admin field, and Add admin field. Only AdminUsers with the correct CentreID and CategoryID should be able to access these pages. This means that they have the same CentreID as the customisation, and either have the same CategoryID as the customisation's course category OR CategoryID = 0, which means they can manage all courses. If a customisationID that the user cannot access is entered in the url they should be directed to a NotFound page.

I also fixed the capitalization of the (ViewData["Title"]) on all the course admin fields pages.

Screenshots

image

Developer checks

I have:

  • Run the formatter and made sure there are no IDE errors.
  • Written tests for the changes (controller, data services, services, view models etc) and manually tested my work with and without JavaScript. Full manual testing guidelines can be found here: https://softwiretech.atlassian.net/wiki/spaces/HEE/pages/6703648740/Testing
  • Updated/added documentation in Swiki and/or Readme.
  • Updated my Jira ticket with information about other parts of the system that were touched as part of the MR and have to be sanity tested to ensure nothing’s broken.
  • Scanned over my own MR to ensure everything is as expected.

DanBloxham-sw
DanBloxham-sw reviewed Sep 22, 2021
View reviewed changes
Copy link
Contributor

@DanBloxham-sw DanBloxham-sw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of minor things to double check.

@livzorn livzorn force-pushed the HEEDLS-438-add-course-admin-fields branch from b6c9e4b to 6f0e6f5 Compare September 23, 2021 15:10
stellake
stellake reviewed Sep 24, 2021
View reviewed changes
@livzorn livzorn force-pushed the HEEDLS-438-add-course-admin-fields branch from 6f0e6f5 to 9b75755 Compare September 28, 2021 13:34
stellake
stellake suggested changes Sep 30, 2021
View reviewed changes
stellake
stellake reviewed Oct 1, 2021
View reviewed changes
OliZor added 14 commits October 1, 2021 11:26
HEEDLS-438 Change casing of page titles
089d01b
HEEDLS-438 Return NotFound if user cannot access course
a5398cb
HEEDLS-438 Refactor VerifyUserCanAccessCourse
04239d8
HEEDLS-438 Add tests for verifying user can access course
8bba4ff
HEEDLS-438 Rename VerifyAdminUserCanAccessCourse and add extra tests
dc2497e
HEEDLS-438 Create service filter for VerifyAdminUserCanAccessCourse
68d91fb
HEEDLS-438 Remove categoryId from courseAdminFields methods, and chan…
292303b 
…ge data service method for Service Filter to return a bool
HEEDLS-438 Remove CustomisationId from admin fields models, and other…
5893412 
… markups
HEEDLS-438 Change bulk post action names and url
eac12cd
HEEDLS-439 Fix name change in tests
5e02842
HEEDLS-438 Fix Bulk post and split add and edit bulk answers models a…
7aa2b12 
…nd views
HEEDLS-438 Remove isAddPromptJourney from tests
8a588d5
HEEDLS-438 Fix typo in DoesCourseExistAtCentre
94be644
HEEDLS-438 Refactor and create GetRouteValues html extension
b70791e
@livzorn livzorn force-pushed the HEEDLS-438-add-course-admin-fields branch from 0cd569e to b70791e Compare October 1, 2021 10:26
stellake
stellake approved these changes Oct 1, 2021
View reviewed changes
Copy link
Contributor

@stellake stellake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added 3 really minor comments, but otherwise looks good. No need to re-review 👍

@livzorn livzorn merged commit fbff1e8 into master Oct 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@stellake stellake stellake approved these changes

@DanBloxham-sw DanBloxham-sw DanBloxham-sw approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@livzorn @stellake @DanBloxham-sw