Bug #5658: Review permission checking in the manager - Authentic 2 - Redmine Entr’ouvert

Bug #5658

Review permission checking in the manager

Ajouté par Benjamin Dauvergne il y a plus de 9 ans. Mis à jour il y a environ 9 ans.

Statut:

Rejeté

Priorité:

Normal

Assigné à:

-

Catégorie:

-

Version cible:

-

Début:

09 octobre 2014

Echéance:

% réalisé:

0%

Temps estimé:

Patch proposed:

Non

Planning:

Description

Listing views and edit views should be accessible if any of change, add or delete is available, a new decorator should be used with the signature
any_permission_required(model_name, raise_exception=False).
Edit views should return Http403 on POST if change permission is unavailable, and not on any access
Buttons to delete should be disabled if delete is unavailable, a tooltip must be added stating the permission is missing from the user
Buttons to add should be disabled if add is unavailable, a tooltip must be added stating the permission is missing from the user
Edit form on user and roles should be disabled if change permission on roles or users is not available and a message should be displayed
Add user to role form should be disabled if change permission on roles is unavailable

Demandes liées

Historique

#1

Mis à jour par Thomas Noël il y a plus de 9 ans

Description mis à jour (diff)

#2

Mis à jour par Benjamin Dauvergne il y a environ 9 ans

Statut changé de Nouveau à Rejeté

It will be done as part of the new work on access control and RBAC.

#3

Mis à jour par Benjamin Dauvergne il y a environ 9 ans

Lié à Development #751: Improve the manager based on RBAC ajouté

Formats disponibles : Atom PDF