[BUG] remove checks on quantity value convert actions #536
Conversation
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
|
|
I have read the CLA Document and I hereby sign the CLA |
|
Hi @aMH-techsigns I think we should check the |
Hi @robertSt7 you mean to check the user permission for the underlaying data object tree, right? If so my thinking is if this is not handeled somewhere else maybe some steps before this call can even happen? So we might do stuff we shouldnt do on this position (might be unnecessary)? As the controller is inheriting from the admin controller where a admin user should be guaranteed i feel some kind of safe :-D. But ok i got you. You mean there is missing some kind of check (security-wise). |
|
@robertSt7 I followed your suggestion and added the two permission checks. Thx |
|
@aMH-techsigns Thanks a lot for the fix. There is still a problem when the quantity value is changed the auto-save will be triggered and then it shows another error. I have alread created a follow- up for this. #544 |
Resolves: #434
Remove checkPermission method on specific rights for quantity value convert endpoints.
Additional info
It seems not necessary to provide specific checks while using convert functions for quanity values. Futhermore if you giving the user the quantityValueUnits access right the user can edit all scale units. That seems not correct at least in our use case where just users with higher level access rights should be able to edit scale units.