Fix permissions for licence summary #974
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://eaflood.atlassian.net/browse/WATER-4432 https://eaflood.atlassian.net/browse/WATER-4457 What tabs a user sees on the view licence page needs to be determined based on their permissions. Everyone should be able to see - Summary - Contact Details - Returns - Communications Any one in the National Permitting Service also needs to be able to see 'Charge Information'. The only team with access to 'Bills' is Billing & Data. WATER-4432 got all that working but we overlooked something when we update the 'tech' to allow us to load tabs in isolation ( WATER-4457 ). Each tab will now have its own endpoint which means we also need to take into account the `scope` we assign to those routes. Those tabs that all users should be able to see need to have no `scope` to make them work. But back when we initially started hacking our version of the page we just copy & pasted an existing route which had the 'billing' scope assigned. This means only a Billing & Data user can get to our licence page! This change fixes the issue by removing the scope from the licence summary endpoint (the one endpoint we have built at this time!) > Note - this just removes the permission. It doesn't mean an unauthenticated user can now access the endpoint.
Cruikshanks
requested review from
Demwunz,
robertparkinson,
Jozzey,
jonathangoulding,
Beckyrose200 and
rvsiyad
robertparkinson
approved these changes
May 3, 2024
jonathangoulding
approved these changes
May 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://eaflood.atlassian.net/browse/WATER-4432
https://eaflood.atlassian.net/browse/WATER-4457
What tabs a user sees on the view licence page needs to be determined based on their permissions. Everyone should be able to see
Anyone in the National Permitting Service also needs to be able to see 'Charge Information'. The only team with access to 'Bills' is Billing & Data.
WATER-4432 got all that working but we overlooked something when we updated the 'tech' to allow us to load tabs in isolation ( WATER-4457 ). Each tab will now have its endpoint which means we also need to take into account the
scopewe assign to those routes.Those tabs that all users should be able to see need to have no
scopeto make them work. But back when we initially started hacking our version of the page we just copied & pasted an existing route which had the 'billing' scope assigned. This means only a Billing & Data user can get to our licence page!This change fixes the issue by removing the scope from the licence summary endpoint (the one endpoint we have built at this time!)