Bug
Resolution: Fixed
Major
None
None
2.2.0
4.4 M6
How to reproduce:
1 - On _admin, remove the right "Update a project" from a profile.
2 - On CMS, set the profile on the "General" context.
3 - On front, open an existing project.
=> It is possible to update the project, whereas it should not be.
Note: It works correctly for the rights "Create a project" and "Delete a project".
The context is not the right context. The right is checked on the project, not in the CMS of the catalogue site.
So, in the config, check the default manager profile of the workspaces. It is the one that has been assigned on the projects.
Just removing the right from this profile should be fine (no need to assign this profile in the CMS).
BUT (there is always a but)
Being a manager of a project always gives you some rights, including the right to edit the project.
That is not true of the right to remove a project, which can be removed.
So in this ticket we will put all this in the right way.
Now, edit/remove rights will be automatically set for a manager (note that the rights are in the category admin, so they will only be usable in the admin).
Additionally, members also receive a READER profile on the root, which looks useless.