
fix: permission rules for connect manager #87

Merged

imcaizheng
Contributor

Summary

  • Connect manager now can act like a regular user regarding permissions.
  • Regular user can update any candidate of a job if the regular user can access the project associated with the job.
  • In the Postman collection, the folder Test Permission Rules > Request with Connect Manager Role is updated to reflect the permission changes.
  • In the Postman collection, small typos in the request Test Permission Rules > ✘ create job candidate with member and the request Test Permission Rules > ✘ create resource booking with member are corrected.

Contributor

@maxceem maxceem left a comment

Thanks, @imcaizheng.

  1. Connect Manager still cannot create a Job even if the user is a member of the project:
    Example:

    • project 16843
    • user pshahcopmanag2
    • image

    I would like to note one thing. Connect Manager users can access all the projects because they have a powerful role. But they should be only allowed to create jobs in the projects where they are members:

    image

    At the moment we always use the check for Topcoder Users: if a user can access a project, it means the user is a member of the project. This is true for Topcoder Users, but not for Connect Managers, because Connect Managers can access projects even if they are not members of that project.

    Though at the moment, Connect Managers cannot create a Job whether they are members or not.

  2. The same as above: Connect Manager cannot update JobCandidates even if a member of the project:

    image

Contributor Author

imcaizheng commented Jan 3, 2021

@maxceem I reckoned that you got the Forbidden error because pshahcopmanag2 was not yet created in /v5/users. In this case the app would try to create a new v5 user for pshahcopmanag2; due to the AUTH0 credential issue we have previously discussed, it would simply fail with the error message POST /v5/users (403).

I have manually created user pshahcopmanag2 in v5/users, so this user can be used in verification.

Contributor

@maxceem maxceem left a comment

@imcaizheng works good for me locally.

Merging this PR so the QA team could verify it on DEV.

@maxceem maxceem merged commit e553e9e into topcoder-platform:dev Jan 4, 2021
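
The distinction raised in the review above, between a role that can access every project and a user who is a member of a given project, shown as an added example that is not code from this pull request or repository. The function names, user objects and project data are hypothetical and constructed for illustration; only the role names come from the thread.

```javascript
// Added example: hypothetical names and constructed data, not the project's code.
const ROLES = { CONNECT_MANAGER: 'Connect Manager', TOPCODER_USER: 'Topcoder User' };

// Constructed sample data: project id -> set of member user ids.
const PROJECTS = new Map([
  [101, { members: new Set(['alice', 'manager1']) }],
  [102, { members: new Set(['bob']) }],
]);
const USERS = [
  { id: 'alice', roles: [ROLES.TOPCODER_USER] },
  { id: 'manager1', roles: [ROLES.CONNECT_MANAGER] },
];

// Membership is a property of the project, independent of the caller's role.
function isProjectMember(user, projectId) {
  const project = PROJECTS.get(projectId);
  return Boolean(project) && project.members.has(user.id);
}

// Access: the privileged role can reach every existing project,
// a regular user only the projects they are a member of.
function canAccessProject(user, projectId) {
  if (!PROJECTS.has(projectId)) return false; // unknown project: deny
  return user.roles.includes(ROLES.CONNECT_MANAGER) || isProjectMember(user, projectId);
}

// Conflated rule: "can access" is taken to mean "is a member".
function canCreateJobConflated(user, projectId) {
  return canAccessProject(user, projectId);
}

// Separated rule: creating a job requires membership, whatever the role.
function canCreateJob(user, projectId) {
  return isProjectMember(user, projectId);
}

// Regression check: list every (user, project) pair the conflated rule
// allows but the membership rule denies.
function findOverGrants() {
  const overGrants = [];
  for (const user of USERS) {
    for (const projectId of PROJECTS.keys()) {
      if (canCreateJobConflated(user, projectId) && !canCreateJob(user, projectId)) {
        overGrants.push(`${user.id}:${projectId}`);
      }
    }
  }
  return overGrants;
}
```

A table-driven check like `findOverGrants` fits alongside the Postman permission tests mentioned in the summary, since it covers the member and non-member cases for each role.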