Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes some inconsistencies between admin display and real permissions.
Views
Reuse view
Actions buttons, reused datasets list and image picker need reuse edit permissions.
Dataset view
Actions button needs dataset edit permissions
Organization view
Changing logo needs organization admin permissions
User view
This view is used as me view (
user==me
) and user view (user==any user
).Actions and image picker needs edit permissions (ie. either be the displayed user or be an admin)
Post/Topic
Every action needs admin permissions
Components
Some components needed an
editable
(boolean) property.image-button
: change avatar or associated image only when allowedcard-list
: the edit action needs permissionNote
Even if actions and sidebar entries are not present when not having permissions, views can be displayed with a valid copy-pasted URL.
We might need another PR to admin permissions to routing or to properly handles permission on admin-only views as they are not really admin only.