Evaluate LDAP prefilter return status

CDLUC3 / mrt-doc

Documentation and Information regarding the Merritt repository

8 stars 4 forks source link

Evaluate LDAP prefilter return status #508

Closed terrywbrady closed 3 years ago

terrywbrady commented 3 years ago

I think I found it in a prefilter in the object controller. Please check that the user has LDAP write permissions for the profile. @terrywbrady we may want to change the 404 to a 401 in the following for the object controller, if I'm reading the logic correctly

  before_filter(only: %i[ingest mint update]) do
    if current_user
      render(status: 404, text: '') unless current_user.groups('write').any? { |g| g.submission_profile == params[:profile] }
    else
      render(status: 401, text: '')
    end
  end

terrywbrady commented 3 years ago

@elopatin-uc3 , what is this? Can we close this?

elopatin-uc3 commented 3 years ago

I don't recognize it either; closing.