Details
-
Bug
-
Resolution: Fixed
-
Major
-
COmanage Registry 3.3.0 (Magic Ring)
-
COmanage Onboarding Sprint
Description
The context here is a CoPerson authenticating and viewing her own canvas.
The current code in the Identifiers controller for isAuthorized() requires that in order to have view permissions on an identifier the user must be a platform, CO admin, or managing COU admin. In other words, the user does not have view permissions on her own identifiers.
If that is correct, then the canvas view for the CoPeople controller should not render "View" buttons next to identifiers and should not hyperlink the value of the identifier to the view action.
See the attached screen shot.
Clicking on "View" next to the MESS ID or on the identifier value itself results in "Permission Denied".
Attachments
Issue Links
- is related to
-
CO-1869 "View" action buttons rendered on CoPerson and OrgId canvases when they should not be (or views are inaccessible that should be)
- Resolved