feat: Update permissions #926
Conversation
Update permissions on taxonomies view to allow to show taxonomies outside course organization.
openedx-webhooks
added
the
open-source-contribution
|
Thanks for the pull request, @ChrisChV! Please note that it may take us up to several weeks or months to complete a review and merge your PR. Feel free to add as much of the following information to the ticket as you can:
All technical communication about the code itself will be done via the GitHub pull request interface. As a reminder, our process documentation is here. This is currently a draft pull request. When it is ready for our review and all tests are green, click "Ready for Review", or remove "WIP" from the title, as appropriate. |
| // All taxonomies to verify if exists object tags in other taxonomy that does not belong to the organization. | ||
| const { data: allTaxonomyListData, isSuccess: isAllTaxonomyListLoaded } = useTaxonomyList(undefined, contentId); |
There was a problem hiding this comment.
Hi @ChrisChV !
This call (even if we don't explicitly include an Org) will filter out the taxonomies on which the user has no permission (i.e. taxonomies from other/no orgs).
I'm getting it wrong here?
There was a problem hiding this comment.
In the testing I have done, the Test taxonomy does not belong to any organization. So currently it doesn't filter those permissions 🤔
There was a problem hiding this comment.
I think we have two different cases:
1 - In the one you show, the user have permission to access the taxonomy (because he is the staff?).
2 - Another case is when the user is not staff (so he can't see no-org taxonomies or taxonomies from org that he doesn't have permission)
We have 1 covered. Do we need to worry about 2?
Update permissions on taxonomies view to allow to show taxonomies outside course organization.