This repository has been archived by the owner on Jul 29, 2020. It is now read-only.

found an issue with user access level + added testing an edge case #128

Merged
merged 2 commits into from
Sep 24, 2016


sjanssen2
Collaborator

No description provided.

@coveralls

Coverage Status

Coverage increased (+0.09%) to 85.108% when pulling 887dd95 on sjanssen2:unittest_access_control into 489d591 on biocore:master.

@@ -33,6 +33,8 @@ def post(self):

all_levels = db.get_access_levels()
user_levels = db.get_access_levels_user(user)
# TODO: I think the condition must check the access level of the logged
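
Review bot: The TODO added above the condition records a suspected authorization flaw without resolving it, so the doubt ships with the code. `user_levels` comes from `db.get_access_levels_user(user)`; if `user` is the account being edited rather than the logged-in one, the condition that follows gates on the wrong identity. Either switch the lookup to the authenticated user or, if the handler's required roles are already enforced elsewhere, delete the check, and add a test that posts as a non-admin caller so the decision is pinned down.
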
Member

is this check even necessary given the handler decorator?

Collaborator Author

As far as I know, @authenticated assures that a valid user has been logged in, independent of its role in our system. Thus, a user with only "scan barcodes" role might be able to access this web site, but he should not have the right to change other users' access rights.
Thus, it is necessary to have this check and we must correct it here. Otherwise, an admin can only edit other admins' (or his own) rights.

Member

I meant the class level decorator which defines the roles required iirc

Collaborator Author

oh. I never noticed that decorator. Looks like you are right and this if statement is not necessary at all.
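
The distinction discussed in this thread, as an added example that is not part of the pull request or the project's code: a login-only decorator, an in-method check that looks at the edited account instead of the caller, and a class-level role decorator. All names (`requires_role`, the handler classes, `attempt`) and the two sample users are hypothetical, and the flawed condition is an assumption based on the description above, since the original condition is not shown on this page.

```python
# Added illustration: every name here is hypothetical, not the project's code.
class Forbidden(Exception): pass

def authenticated(method):
    """Login-only check: any known user passes, whatever their role."""
    def wrapper(self, *args, **kwargs):
        if self.current_user not in self.db:
            raise Forbidden("login required")
        return method(self, *args, **kwargs)
    return wrapper

def requires_role(role):
    """Class-level decorator: the *caller* must hold `role` to reach post()."""
    def decorate(cls):
        inner = cls.post
        def post(self, *args, **kwargs):
            if role not in self.db.get(self.current_user, set()):
                raise Forbidden(role + " role required")
            return inner(self, *args, **kwargs)
        cls.post = post
        return cls
    return decorate

class Handler:
    def __init__(self, current_user, db):
        self.current_user, self.db = current_user, db

class TargetCheckHandler(Handler):
    @authenticated
    def post(self, target, levels):
        # Flawed (assumed) check: inspects the edited account, not the caller.
        if "Admin" not in self.db[target]:
            raise Forbidden("not allowed")
        self.db[target] = set(levels)
        return "updated"

@requires_role("Admin")
class RoleGatedHandler(Handler):
    @authenticated
    def post(self, target, levels):
        self.db[target] = set(levels)
        return "updated"

def attempt(handler_cls, caller, target, levels):
    db = {"admin": {"Admin"}, "tech": {"Scan Barcodes"}}  # constructed users
    try:
        outcome = handler_cls(caller, db).post(target, levels)
    except Forbidden:
        outcome = "forbidden"
    return outcome, db[target]
```

A regression test for this kind of handler should cover both directions: the low-privilege caller must be refused, and the admin must still be able to edit a non-admin account.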

@coveralls

Coverage Status

Coverage increased (+3.7%) to 88.685% when pulling 487adf3 on sjanssen2:unittest_access_control into 489d591 on biocore:master.

@wasade wasade merged commit 6c8a721 into biocore:master Sep 24, 2016
@sjanssen2 sjanssen2 deleted the unittest_access_control branch October 24, 2016 21:18