authorization - regular users cannot access the users management page #57

Closed
amberrignell opened this issue Mar 31, 2022 · 1 comment · Fixed by #79

amberrignell commented Mar 31, 2022

When a user is neither an :admin nor a :superuser, accessing the User Management page (list of all users, editing a user that isn't themselves) should result in a Permission Denied page.

We need to determine a clean way of handling authorisation failures, with the equivalent of a 401 in LiveView.

We've had some success using Bodyguard, and think it makes sense to implement it here.

We can start with a simple UserPolicy module which has a :view_all matcher; for more info see the Bodyguard docs.

If Stu picks this up, please talk it through with Elias when you're done.

As a superuser, I should be able to access the User management page (create, edit, etc).
As a regular user, I cannot see the user management page.
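
The policy described in the issue above, as an added example that is not part of the issue or the project's code. It assumes a `role` field on the user, an `:edit` action, and a hypothetical `Demo.permit/4` that stands in for `Bodyguard.permit/4` so the script runs without dependencies.

```elixir
# Added example, not the project's code. :view_all, :admin and :superuser
# come from the issue; the :role field and the :edit action are assumptions.
defmodule UserPolicy do
  # With Bodyguard installed, add `@behaviour Bodyguard.Policy` here;
  # authorize/3 below has the shape that behaviour expects.

  @privileged [:admin, :superuser]

  # Listing all users is limited to privileged roles.
  def authorize(:view_all, %{role: role}, _params) when role in @privileged, do: true

  # Privileged roles may edit any user.
  def authorize(:edit, %{role: role}, _target) when role in @privileged, do: true

  # Any user may edit their own record (same id on both sides).
  def authorize(:edit, %{id: id}, %{id: id}), do: true

  # Default deny: unknown actions, unknown roles and nil users all end up here.
  def authorize(_action, _user, _params), do: false
end

defmodule Demo do
  # Hypothetical stand-in for Bodyguard.permit/4: maps the policy's boolean
  # result to :ok or {:error, :unauthorized}.
  def permit(policy, action, user, params \\ []) do
    if policy.authorize(action, user, params), do: :ok, else: {:error, :unauthorized}
  end
end

# Constructed sample users.
admin = %{id: 1, role: :admin}
regular = %{id: 2, role: :user}
other = %{id: 3, role: :user}

checks = [
  {"admin lists users", Demo.permit(UserPolicy, :view_all, admin)},
  {"regular user lists users", Demo.permit(UserPolicy, :view_all, regular)},
  {"regular user edits self", Demo.permit(UserPolicy, :edit, regular, regular)},
  {"regular user edits another user", Demo.permit(UserPolicy, :edit, regular, other)},
  {"no session (nil user)", Demo.permit(UserPolicy, :view_all, nil)}
]

for {label, result} <- checks, do: IO.puts("#{label}: #{inspect(result)}")
```

In a LiveView the same check would run in `mount/3` before any user data is assigned, with the `{:error, :unauthorized}` branch redirecting to the Permission Denied page.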

@amberrignell

Hey team! Please add your planning poker estimate with ZenHub @elias-ba @taylordowns2000 @stuartc

amberrignell changed the title from "regular users cannot access the users management page" to "authorization - regular users cannot access the users management page" Apr 1, 2022
taylordowns2000 added this to the Sprint 2 milestone Apr 1, 2022
elias-ba self-assigned this Apr 12, 2022
amberrignell modified the milestones: Sprint 2, sprint 3 Apr 19, 2022