Uploaded image for project: 'COmanage'
  1. COmanage
  2. CO-2633

Insufficient Permission Calculation on Petition Index

    XMLWordPrintable

Details

    Description

      The "View" buttons on the CoPetitions index view render if edit or approve permissions are true for the current user (and similarly "Delete" renders for delete or deny permissions). However, these permissions are calculated once for the index view instead of on a per-record basis.

      Approve (and deny) permission should be calculated on a per-record basis, since permission to approve can depend on the configuration of the Enrollment Flow that generated the Petition. ie: If someone is in the Approvers group for an Enrollment Flow but is not otherwise eligible to view a Petition, they will not be able to View the petition via this page.

      Attachments

        Issue Links

          is subtask of

          New Feature - A new feature of the product, which has yet to be developed. CO-2619 Approver Special Group Type

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              ioannis.e.igoumenos@at.internet2.edu Ioannis Eythymios Igoumenos (google.com)
              benn.oshrin@at.internet2.edu Benn Oshrin (internet2.edu)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: