Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ACS-6445] Address #PT20471_7 Missing Access Control #3627

Merged
merged 1 commit into from
Feb 5, 2024
Merged

[ACS-6445] Address #PT20471_7 Missing Access Control #3627

merged 1 commit into from
Feb 5, 2024

Conversation

nikita-web-ua
Copy link
Contributor

Please check if the PR fulfills these requirements

  • The commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

What kind of change does this PR introduce? (check one with "x")

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation
  • Other... Please describe:

What is the current behaviour? (You can also link to an open issue here)

https://alfresco.atlassian.net/browse/ACS-6445

When a user is a member of the ALFRESCO_ADMINISTRATOR group and has consumer access to the site, user is not able to modify the site from the ACA UI, while from the API it is possible. The problem here is how the UI is handling the conflict between a users explicitly declared permissions and the overriding ALFRESCO_ADMINISTRATOR group permission

What is the new behaviour?

Admin user is able to edit the site from the UI no matter what access type he has. Changes made to align UI along with the API as the alfresco admin group (ALFRESCO_ADMINISTRATOR) permission will override any permissions explicitly set

Does this PR introduce a breaking change? (check one with "x")

  • Yes
  • No

If this PR contains a breaking change, please describe the impact and migration path for existing applications: ...

Other information:

@nikita-web-ua nikita-web-ua marked this pull request as ready for review February 1, 2024 16:42
@nikita-web-ua nikita-web-ua force-pushed the dev-mmaliarchuk/ACS-6445-Missing-access-control-for-admin-user branch from 5bcfd4d to 2ce0092 Compare February 5, 2024 08:45
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 5, 2024

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@nikita-web-ua nikita-web-ua merged commit bcb7e63 into develop Feb 5, 2024
27 checks passed
@nikita-web-ua nikita-web-ua deleted the dev-mmaliarchuk/ACS-6445-Missing-access-control-for-admin-user branch February 5, 2024 13:59
datguychen pushed a commit that referenced this pull request Feb 5, 2024
@nikita-web-ua @datguychen
[ACS-6445] Address #PT20471_7 Missing Access Control (#3627)
51c1e58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichalKinas MichalKinas MichalKinas approved these changes

@DenysVuika DenysVuika DenysVuika approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nikita-web-ua @DenysVuika @MichalKinas