Fix permission bugs regarding with RequirePermission / RequireAdmin
Two reasons were found:
1, Permissions added on the method was overwritten by those on the controller
2, When a signed-in user is refused due to no sufficient permissions, it will be redirected to 'auth.ala.org.au'. Since the user is already signed in, Auth.ala.org.au redirects to the previous link. Then it goes another loop.
Fix permission bugs regarding with RequirePermission / RequireAdmin
Two reasons were found:
1, Permissions added on the method was overwritten by those on the controller 2, When a signed-in user is refused due to no sufficient permissions, it will be redirected to 'auth.ala.org.au'. Since the user is already signed in, Auth.ala.org.au redirects to the previous link. Then it goes another loop.
How to test if the fix works:
Tests: Go to : https://spatial-test.ala.org.au/ws/manageLayers/layers -> click 'Edit'
If you are a ROLE_USER, you should see "You do not have permission to access this link. Please sign in with another account.".
If you are not logged in, you should see "Sign in to access this link", and it will be redirected to the login page after few seconds
This link only allows ROLE_ADMIN to access