Skip to content
This repository was archived by the owner on Mar 13, 2025. It is now read-only.
This repository was archived by the owner on Mar 13, 2025. It is now read-only.

Don't allow user access Edit Job/RB page if user don't have permissions to edit it #117

Open
Open
Don't allow user access Edit Job/RB page if user don't have permissions to edit it#117
Labels
enhancementNew feature or request
@maxceem

Description

@maxceem
maxceem
opened on Feb 25, 2021

Follow up from #83 (comment)

Sum up:

  • Some users cannot edit Jobs and Resource Bookings
  • So they don't see buttons to "Edit"
  • But they can still access pages with an edit form
  • If they try to edit it on Edit Form they would get error from the server that they don't have permissions
  • So generally we are safe as users who don't have permission to edit could not edit. And users would not see any secret data on the edit pages, as these pages only show data which user already can see.
  • But to make thing clear, when user access page to Edit Job or RB they should get an error that they don't have permission to access this page. So they even should not see the edit form, to make it clear for them.
  1. Connect Manager and users who are just member of the project(not created the job/project) are able to access the Edit Job page through URL . Not able to edit though
for_connectmanager_able toaccess member_access_edit page
  1. Similar issue with edit resource booking page.

image
image

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions