search

MangoAutomation / ma-core-public

Mango Automation Core public code
Other
79 stars 50 forks source link

RAD-4793 Fix editing user privilege escalation - Fluence #1855

Closed josecuadrarad closed 1 year ago

josecuadrarad commented 1 year ago

https://radixiot.atlassian.net/browse/RAD-4793

Description

Fix editing user privilege escalation Cherry picked from RAD-4009

Examples:

Current behavior

Currently, a non admin user can modify a role from a user when it's permissions should not allow it to do so.

Expected behavior

a non admin user can not modify a role from a user when it's permissions should not allow it to do so.

Tests

Release Notes

Did you update the release notes? (Yes / No and the reason it wasn't necessary)

MertCingoz commented 1 year ago

@jazdw some part of the PermissionService actually from another ticket PI-1694. I am not sure it is supposed to be taken like this way.

jazdw commented 1 year ago

@jazdw some part of the PermissionService actually from another ticket PI-1694. I am not sure it is supposed to be taken like this way.

I agree, but I just went over this with Jose and it shouldn't affect anything. We will merge it how it is.