Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes admin missing permissions #2308

Merged
merged 6 commits into from Sep 10, 2019
Merged

Fixes admin missing permissions #2308

merged 6 commits into from Sep 10, 2019

Conversation

noirbizarre
Copy link
Contributor

This PR fixes some inconsistencies between admin display and real permissions.

Views

Reuse view

Actions buttons, reused datasets list and image picker need reuse edit permissions.

Dataset view

Actions button needs dataset edit permissions

Organization view

Changing logo needs organization admin permissions

User view

This view is used as me view (user==me) and user view (user==any user).
Actions and image picker needs edit permissions (ie. either be the displayed user or be an admin)

Post/Topic

Every action needs admin permissions

Components

Some components needed an editable (boolean) property.

  • image-button: change avatar or associated image only when allowed
  • dataset and reuse card-list: the edit action needs permission

Note

Even if actions and sidebar entries are not present when not having permissions, views can be displayed with a valid copy-pasted URL.
We might need another PR to admin permissions to routing or to properly handles permission on admin-only views as they are not really admin only.

@noirbizarre noirbizarre requested a review from a team September 9, 2019 16:03
abulte
abulte approved these changes Sep 10, 2019
View reviewed changes
Copy link
Contributor

@abulte abulte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🍾

@noirbizarre noirbizarre merged commit eb08ea6 into opendatateam:master Sep 10, 2019
@noirbizarre noirbizarre deleted the gh2299-admin-missing-permissions branch September 10, 2019 09:06
This was referenced Sep 10, 2019
Merged
Merged
@abulte abulte mentioned this pull request Sep 25, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abulte abulte abulte approved these changes

Assignees
No one assigned
Labels
admin bug security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@noirbizarre @abulte