You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In our Snipe-IT installation (at my workplace), we have a group called Regular Users, and the permissions of this group do not allow its users to edit or create assets, nor to create labels.
When a user from this group goes to the Assets > List All page, they can see a dropdown menu at the top-left side of the table, which contains "Edit", "Delete", and "Generate Labels".
However, when they select the checkbox next to an asset and then select one of these options on the dropdown, and click the Go button, they get an error page saying "403 Forbidden" - "You are not authorized to do the thing".
Obviously the error is correct - they are indeed not authorised to edit or delete the asset, nor to create a label.
The problem is that they shouldn't see this dropdown menu in the first place, as it gives them the false impression that they can edit or delete assets, and then they conclude that Snipe-IT is broken when they get the 403 error.
On a similar note, these users can also see the Delete button in the Actions column (the red square with a trashcan icon), even though they don't have this permission. The button itself is disabled, but the point is that they can still see it. The other action buttons in that column (Clone and Update) are hidden, so I think the Delete button should be hidden there too, to avoid confusion.
Please see this screenshot, where I've put a red circle around the two things I'm referring to here: https://i.imgur.com/1H6bKMF.png
Describe the solution you'd like
The entire dropdown menu, at the top-left side of the table, should be hidden for users who don't have the permissions to do any of the actions in the menu.
The red trashcan "Delete" button should be hidden from the Actions column, for users who don't have the Delete permission, just as the Clone and Update buttons are already hidden.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered:
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
On a similar note, these users can also see the Delete button in the Actions column (the red square with a trashcan icon), even though they don't have this permission. The button itself is disabled, but the point is that they can still see it.
On a similar note, these users can also see the Delete button in the Actions column (the red square with a trashcan icon), even though they don't have this permission. The button itself is disabled, but the point is that they can still see it.
That's on purpose, to keep visual consistency.
Okay. But if this button is kept on purpose for visual consistency, then why are the Clone and Update buttons hidden? Surely it should be the case, that either all buttons in this column are hidden (if the user lacks the permissions), or none of them are?
Is your feature request related to a problem? Please describe.
In our Snipe-IT installation (at my workplace), we have a group called Regular Users, and the permissions of this group do not allow its users to edit or create assets, nor to create labels.
When a user from this group goes to the Assets > List All page, they can see a dropdown menu at the top-left side of the table, which contains "Edit", "Delete", and "Generate Labels".
However, when they select the checkbox next to an asset and then select one of these options on the dropdown, and click the Go button, they get an error page saying "403 Forbidden" - "You are not authorized to do the thing".
Obviously the error is correct - they are indeed not authorised to edit or delete the asset, nor to create a label.
The problem is that they shouldn't see this dropdown menu in the first place, as it gives them the false impression that they can edit or delete assets, and then they conclude that Snipe-IT is broken when they get the 403 error.
On a similar note, these users can also see the Delete button in the Actions column (the red square with a trashcan icon), even though they don't have this permission. The button itself is disabled, but the point is that they can still see it. The other action buttons in that column (Clone and Update) are hidden, so I think the Delete button should be hidden there too, to avoid confusion.
Please see this screenshot, where I've put a red circle around the two things I'm referring to here:
https://i.imgur.com/1H6bKMF.png
Describe the solution you'd like
The entire dropdown menu, at the top-left side of the table, should be hidden for users who don't have the permissions to do any of the actions in the menu.
The red trashcan "Delete" button should be hidden from the Actions column, for users who don't have the Delete permission, just as the Clone and Update buttons are already hidden.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: