Disable ability to change your own Role and Tenant in the User Profile

apache / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network

https://trafficcontrol.apache.org/

Apache License 2.0

1.07k stars 344 forks source link

Disable ability to change your own Role and Tenant in the User Profile #2731

Open chadgilloth opened 6 years ago

chadgilloth commented 6 years ago

When editing your own profile in Traffic Portal, it is possible for a user to remove higher level privileges/capabilities for Role and Tenant with no way to reset them to their previous setting as you can only set your role and tenant lower on their trees. We should disable the ability to change your own role and tenant to prevent users from losing capabilities and access.

mitchell852 commented 4 years ago

looks somewhat related to #4064

zrhoffman commented 1 year ago

@chadgilloth Are you still able to reproduce #2731 now that Roles and Permissions were reworked in ATC 6.0.0?