1258 - Improve permission checks in the backend #1259

Closed

@legendword (Contributor) commented Sep 27, 2022

Changes

  • Modify checks in TapestryHelpers::userIsAllowed (backend) to align with Helper.hasPermission (frontend).
  • Change the action names used for node permission checks to lower case to match the frontend action names.
  • Introduce UserActions constant class for backend which is a replica of the userActions constant in the frontend.
  • Add "move" to the list of user actions.
  • Fix a bug where admins cannot directly publish child nodes to a rejected node due to not passing showRejected value in the calls to Helpers.hasPermission in node modal.
  • When adding a child node, the frontend now only calls the addNode endpoint instead of both the addNode and addLink endpoints; the addNode endpoint in the backend now takes care of adding the link from parent to child as well as doing some permission checks before adding the child node.
  • No longer conditionally update childOrdering of parent node when adding a child node. The childOrdering of parent node is always updated when adding a child node.
  • Always show multi-content child nodes and hidden nodes to the admin, even when the admin does not have edit permission on those nodes (this can happen for draft nodes submitted by other users).
  • Hide the "edit" button in the SubItemTable used for showing video popups and multi-content child nodes when the user does not have edit permission (it's much better to hide the button instead of alerting the user that they do not have edit permission when they click on the button) (again, this can happen for draft nodes submitted by other users).

Issue Linkage

Closes #1258

PR Dependency

Depends on: #1222
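
The backend pattern this description outlines (one list of lower-case action names shared with the frontend, and an addNode path that authorizes against the parent before creating the node and its link), as an added example that is not tapestry-wp code. The class layout, function signatures, the `read` and `add` action names, and the sample data are assumptions; only `edit` and `move` are named in the description.

```php
<?php
// Hypothetical sketch, not the tapestry-wp implementation.
final class UserActions
{
    // Lower-case so the strings match what the frontend sends.
    // "edit" and "move" come from the PR text; "read" and "add" are assumed.
    const READ = 'read';
    const ADD  = 'add';
    const EDIT = 'edit';
    const MOVE = 'move';
    const ALL  = [self::READ, self::ADD, self::EDIT, self::MOVE];
}

// $grants is constructed sample data: nodeId => userId => allowed actions.
function userIsAllowed(string $action, int $nodeId, int $userId, array $grants): bool
{
    // Strict match against the constant list: an unknown or differently
    // cased name such as "EDIT" is denied rather than silently accepted.
    if (!in_array($action, UserActions::ALL, true)) {
        return false;
    }
    return in_array($action, $grants[$nodeId][$userId] ?? [], true);
}

// One server-side operation: authorize against the parent first, then create
// the child, the parent->child link and the ordering entry together.
function addChildNode(array &$tapestry, int $parentId, int $userId, string $title): int
{
    if (!userIsAllowed(UserActions::ADD, $parentId, $userId, $tapestry['grants'])) {
        throw new RuntimeException('403: not allowed to add under node ' . $parentId);
    }
    $childId = max(array_keys($tapestry['nodes'])) + 1;
    $tapestry['nodes'][$childId] = ['title' => $title, 'childOrdering' => []];
    $tapestry['links'][] = ['source' => $parentId, 'target' => $childId];
    $tapestry['nodes'][$parentId]['childOrdering'][] = $childId; // always updated
    return $childId;
}

// Constructed sample: user 7 may add and edit under node 1, user 8 may only read.
$tapestry = [
    'nodes'  => [1 => ['title' => 'Root', 'childOrdering' => []]],
    'links'  => [],
    'grants' => [1 => [7 => ['read', 'add', 'edit'], 8 => ['read']]],
];
var_dump(userIsAllowed('EDIT', 1, 7, $tapestry['grants'])); // upper-case name is refused
echo addChildNode($tapestry, 1, 7, 'Child'), PHP_EOL;
try {
    addChildNode($tapestry, 1, 8, 'Denied');
} catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```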

@legendword (Contributor Author)

New change: The "Edit" button will not show up when the user has no edit permission on that subitem (this applies to a draft node submitted by other users, such as the "Draft A" and "Draft A Private" nodes in the screenshot):

image

@legendword added the "needs final review" label Sep 30, 2022
@wynnset changed the title from "1258 - Improve permission checks in the backend" to "1258 - Tapestry 3.0 - Improve permission checks in the backend" Oct 19, 2022
cypress bot commented Oct 21, 2022

Test summary

93 0 0 0 Flakiness 0

Run details

Project: tapestry-wp
Status: Passed
Commit: a1d9d1e
Started: Dec 13, 2022 5:49 AM
Ended: Dec 13, 2022 5:53 AM
Duration: 04:50
OS: Linux Ubuntu - 22.04
Browser: Chrome 108

@wynnset (Collaborator) commented Jan 4, 2023

@legendword I think this should be rebased on top of master since it is not 3.0-related and should be available in 2.0 as well! Could you please rebase it?

We'll need to then also rebase the base 3.0 branch (#1219) on this PR.

@wynnset changed the title from "1258 - Tapestry 3.0 - Improve permission checks in the backend" to "1258 - Improve permission checks in the backend" Jan 4, 2023
@wynnset assigned legendword and unassigned wynnset Jan 4, 2023
@wynnset added the "needs refactoring" label and removed the "needs final review" label Jan 4, 2023

@legendword (Contributor Author)

This pull request is replaced by #1303 which is based on the master branch.

@legendword closed this Jan 4, 2023
@wynnset deleted the 1258-improve-permission-checks branch January 18, 2023 03:11