Details
-
Bug
-
Resolution: Completed
-
Minor
-
COmanage Registry 4.1.2 (Quiet Quay MR2)
-
None
Description
The "View" buttons on the CoPetitions index view render if edit or approve permissions are true for the current user (and similarly "Delete" renders for delete or deny permissions). However, these permissions are calculated once for the index view instead of on a per-record basis.
Approve (and deny) permission should be calculated on a per-record basis, since permission to approve can depend on the configuration of the Enrollment Flow that generated the Petition. ie: If someone is in the Approvers group for an Enrollment Flow but is not otherwise eligible to view a Petition, they will not be able to View the petition via this page.
Attachments
Issue Links
- is subtask of
-
CO-2619 Approver Special Group Type
- Resolved