Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug/2243 Users without the Publish Permission on a namespace can see … #2246

Merged
merged 1 commit into from
Jan 24, 2020
Merged

bug/2243 Users without the Publish Permission on a namespace can see … #2246

merged 1 commit into from
Jan 24, 2020

Conversation

ghost
Copy link

@ghost ghost commented Jan 21, 2020

…the Publish button

  • changed the pre-authorization of ModelRepositoryController#getPolicies to all users
  • added call to above endpoint in detailsController to infer whether user can publish
  • replaced permission check in template to use flag from controller rather than full access permission

Signed-off-by: Menahem Julien Raccah Lisei [email protected]

@menajrl
bug/2243 Users without the Publish Permission on a namespace can see …
2bdfcb8 
…the Publish button

* changed the pre-authorization of ModelRepositoryController#getPolicies to all users
* added call to above endpoint in detailsController to infer whether user can publish
* replaced permission check in template to use flag from controller rather than full access permission

Signed-off-by: Menahem Julien Raccah Lisei <[email protected]>
@ghost ghost mentioned this pull request Jan 21, 2020
Closed
kolotu
kolotu approved these changes Jan 22, 2020
View reviewed changes
Copy link
Contributor

@kolotu kolotu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, since you filter the policies and only return those for the user.

@kolotu kolotu requested a review from aedelmann January 22, 2020 07:43
@ghost
Copy link
Author

ghost commented Jan 22, 2020

Looks good to me, since you filter the policies and only return those for the user.

And the user is inferred in the back-end, not given by the front-end, so there's no using this endpoint to check on permissions for other users either.

@kolotu kolotu removed the request for review from aedelmann January 24, 2020 09:04
@kolotu kolotu merged commit ad8ee26 into eclipse-vorto:development Jan 24, 2020
@kolotu kolotu deleted the bug/2243_Users_without_the_Publish_Permission_on_a_namespace_can_see_the_Publish_button branch January 24, 2020 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kolotu @menajrl