Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce permission for archivable and lockable entities #1577

Merged
merged 1 commit into from
Sep 9, 2016
Merged

Enforce permission for archivable and lockable entities #1577

merged 1 commit into from
Sep 9, 2016

Conversation

jrjohnson
Copy link
Member

@jrjohnson jrjohnson commented Sep 9, 2016
edited

We were using a 'modify' keyword as well as doing voter lookup by
allowing a single yes voter to grant permissions. Instead we need to
check with all voters and ensure we are looking for both 'delete' and
'modify' permissions.

Fixes #1576

@jrjohnson jrjohnson force-pushed the 1576-access branch 2 times, most recently from 9a7fdfb to 7bed789 Compare September 9, 2016 09:43
@jrjohnson
Enforce all permission for archivable and lockable entities
03d70a8 
We were using a 'modify' keyword as well as doing voter lookup by
allowing a single yes voter to grant permissions.  Instead we need to
check with all voters.s

Also prevent rolling over courses if the user does not have permission
@thecoolestguy
Copy link
Member

@homu r+

@homu
Copy link
Contributor

homu commented Sep 9, 2016

📌 Commit 03d70a8 has been approved by thecoolestguy

@homu
Copy link
Contributor

homu commented Sep 9, 2016

⚡ Test exempted - status

@homu homu merged commit 03d70a8 into ilios:master Sep 9, 2016
homu added a commit that referenced this pull request Sep 9, 2016
@homu
Auto merge of #1577 - jrjohnson:1576-access, r=thecoolestguy
8015ebe 
Enforce permission for archivable and lockable entities

We were using a 'modify' keyword as well as doing voter lookup by
allowing a single yes voter to grant permissions.  Instead we need to
check with all voters and ensure we are looking for both 'delete' and
'modify' permissions.

Fixes #1576
@jrjohnson jrjohnson deleted the 1576-access branch September 9, 2016 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@thecoolestguy thecoolestguy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jrjohnson @thecoolestguy @homu @saschaben