AtlasOfLivingAustralia / spatial-service

Spatial web services and layer administration console
https://spatial.ala.org.au/ws

Update spatial layer metadata by ROLE_USER #191

Closed qifeng-bai closed 1 year ago

qifeng-bai commented 2 years ago

Fix permission bugs regarding RequirePermission / RequireAdmin

Two reasons were found:

1. Permissions added on the method were overwritten by those on the controller.
2. When a signed-in user is refused due to insufficient permissions, it will be redirected to 'auth.ala.org.au'. Since the user is already signed in, Auth.ala.org.au redirects to the previous link. Then it goes into another loop.

How to test if the fix works:

Tests: Go to: https://spatial-test.ala.org.au/ws/manageLayers/layers -> click 'Edit'

If you are a ROLE_USER, you should see "You do not have permission to access this link. Please sign in with another account.".

If you are not logged in, you should see "Sign in to access this link", and it will be redirected to the login page after a few seconds.

This link only allows ROLE_ADMIN to access
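
The two causes listed in the comment above, modelled in Python as an added example (not code from spatial-service or from the PR): a method-level rule must take precedence over the controller-level one, and a signed-in user who lacks the role gets a refusal message instead of a redirect to the login service. The `require` decorator, the sample controller and its rules, the status codes and `LOGIN_URL` are assumptions made for the illustration.

```python
LOGIN_URL = "https://auth.example.org/login"  # placeholder, not the real auth URL

def require(role):
    """Hypothetical stand-in for RequirePermission / RequireAdmin."""
    def tag(target):
        target._required_role = role
        return target
    return tag

@require("ROLE_USER")               # controller-level rule (constructed sample)
class ManageLayersController:
    def layers(self):               # no own rule: inherits the controller rule
        return "layer list"

    @require("ROLE_ADMIN")          # method-level rule: must win over the class
    def edit(self):
        return "edit form"

def effective_role(controller, action, method_first=True):
    """Role needed for an action; method_first=False models the reported bug."""
    method_rule = getattr(getattr(controller, action), "_required_role", None)
    class_rule = getattr(controller, "_required_role", None)
    if method_first:
        return method_rule or class_rule
    return class_rule or method_rule  # controller rule shadows the method rule

def authorize(user_roles, controller, action, method_first=True):
    """Return (status, message, redirect); user_roles is None if not signed in."""
    needed = effective_role(controller, action, method_first)
    if needed is None or (user_roles is not None and needed in user_roles):
        return (200, "ok", None)
    if user_roles is None:
        # Anonymous: sending the browser to the login page makes progress.
        return (401, "Sign in to access this link", LOGIN_URL)
    # Signed in but under-privileged: redirecting to login would bounce
    # straight back here, so refuse with a message and no redirect.
    return (403, "You do not have permission to access this link. "
                 "Please sign in with another account.", None)

if __name__ == "__main__":
    c = ManageLayersController
    print(authorize({"ROLE_USER"}, c, "edit", method_first=False))  # bug: allowed
    print(authorize({"ROLE_USER"}, c, "edit"))                      # fixed: 403
    print(authorize(None, c, "edit"))                               # 401 + login
```
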

qifeng-bai commented 2 years ago

PR: https://github.com/AtlasOfLivingAustralia/spatial-service/pull/194

nickdos commented 2 years ago

Tested ✅

Confirming I now get this message for a ROLE_USER only account:

image