Uploaded image for project: 'COmanage'
  1. COmanage
  2. CO-1856

Canvas displays View button for identifiers when it should not for non-admins

    XMLWordPrintable

Details

    • COmanage Onboarding Sprint

    Description

      The context here is a CoPerson authenticating and viewing her own canvas.

      The current code in the Identifiers controller for isAuthorized() requires that in order to have view permissions on an identifier the user must be a platform, CO admin, or managing COU admin. In other words, the user does not have view permissions on her own identifiers.

      If that is correct, then the canvas view for the CoPeople controller should not render "View" buttons next to identifiers and should not hyperlink the value of the identifier to the view action.

      See the attached screen shot.

      Clicking on "View" next to the MESS ID or on the identifier value itself results in "Permission Denied".

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. CO-1869 "View" action buttons rendered on CoPerson and OrgId canvases when they should not be (or views are inaccessible that should be)

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jonathan.gabel@at.internet2.edu Jonathan Gabel (google.com)
              scott.koranda.3@at.internet2.edu Scott Koranda SCG (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: