Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request]: Encrypted fields visibility for Non-Admins #15366

Closed
r-xyz opened this issue Aug 22, 2024 · 7 comments
Closed

[Feature Request]: Encrypted fields visibility for Non-Admins #15366

r-xyz opened this issue Aug 22, 2024 · 7 comments

Comments

@r-xyz
Copy link
Contributor

r-xyz commented Aug 22, 2024

Is your feature request related to a problem? Please describe.

Currently encrypted fields are only viewable and editable by users with admin role.
image
Nonetheless, granting admin role will also grant all other permissions.

Describe the solution you'd like

A better granularity would be desirable, so managers could for example add new assets (filling also encrypted fields) but cannot edit Users.

A possible solution would be to add additional permissions for encrypted fields, similar to "Custom fields"
image

Describe alternatives you've considered

No response

Additional context

No response

Copy link

welcome bot commented Aug 22, 2024

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

@snipe
Copy link
Owner

snipe commented Aug 22, 2024

Ability to view and edit encrypted custom fields is set on the asset permission.
Screenshot 2024-08-22 at 9 49 34 AM

@r-xyz
Copy link
Contributor Author

r-xyz commented Aug 22, 2024

Thanks @snipe for the quick reply. You are right, I should have double checked. Then I am afraid it is a bug report.

Users with those permissions enabled can view the encrypted fields and copy them, but they cannot edit them.

When editing an asset, the value is showed in the corresponding field. Though if they modify and save, no error is shown, but the field is not updated.

Asset view detail:
image
Asset view edit detail:
image

@r-xyz
Copy link
Contributor Author

r-xyz commented Aug 22, 2024

Steps to reproduce

  1. Create a non-admin user and give it all asset permissions
  2. Create an asset with at least one encrypted field
  3. Login as the user. Verify the encrypted field is viewable.
  4. Edit the asset encrypted fields. Save. Verify it succeed.
  5. Reopen the edit view. Verify the value has not changed.

@r-xyz
Copy link
Contributor Author

r-xyz commented Aug 22, 2024

Shall I close and reopen as bug report?

@swift2512
Copy link

Can confirm on pulled newest master. If user isn't set as admin, his edits of encrypted fields doesn't save. In debug mode could find errors or warnings.

snipe added a commit that referenced this issue Aug 22, 2024
snipe added a commit that referenced this issue Aug 22, 2024
Fixed #15366 use the non-admin edit encrypted custom fields permissions
@snipe snipe closed this as completed Aug 22, 2024
@r-xyz
Copy link
Contributor Author

r-xyz commented Sep 7, 2024

Thanks again! :) Looking forward for next release!

FlorentDotMe pushed a commit to TelecomsSansFrontieres/snipe-it that referenced this issue Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants