The permissions for the Manage SSO page are too wide - any manager can access the vault URL (even though the page itself never loads because it’s blocked at the server side). This page should be limited to those where organization.manageSso is true, i.e. admins, owners, Manage SSO custom permission.
Note: you have to navigate directly to the URL to find this bug, the button is hidden correctly in the UI.
(This will not be picked to rc. Master only)
Code changes
Update permissions in the routing guards. The Permissions array only requires that 1 of those permissions is met for navigation to be permitted. So:
- keep the "manage" permissions on the parent ManageComponent (for consistency with OssRoutingModule)
- move ManageSso permission down to the SsoComponent itself, so that it's always required
Screenshots
Before you submit
[x] I have checked for linting errors (npm run lint) (required)
[ ] This change requires a documentation update (notify the documentation team)
[ ] This change has particular deployment requirements (notify the DevOps team)
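The any-of guard behaviour this description relies on, as an added TypeScript model (not Angular and not the project's own code). `manageSso`, `ManageComponent` and `SsoComponent` come from the description; the other permission names, the `manage/sso` path, the helper functions and the choice to keep `manageSso` in the parent list are assumptions made for illustration.

```typescript
// Simplified model of any-of permission guards on nested routes (not Angular).
// managePolicies and manageGroups are illustrative permission names.
type Permission = "manageSso" | "managePolicies" | "manageGroups";

interface Route {
  path: string;
  component: string;
  permissions?: Permission[]; // guard passes if the user holds ANY of these
  children?: Route[];
}

// One matching permission is enough for a route's guard to pass.
function guardPasses(route: Route, held: Permission[]): boolean {
  if (!route.permissions) return true; // no list means no restriction
  return route.permissions.some((p) => held.indexOf(p) !== -1);
}

// Every route along the URL must pass its own guard, parent first.
function canNavigate(routes: Route[], segments: string[], held: Permission[]): boolean {
  let level = routes;
  for (const seg of segments) {
    const route = level.filter((r) => r.path === seg)[0];
    if (!route || !guardPasses(route, held)) return false;
    level = route.children || [];
  }
  return true;
}

const parentPermissions: Permission[] = ["managePolicies", "manageGroups", "manageSso"];

// Before: the SSO page relies only on the parent's any-of list.
const routesBefore: Route[] = [{
  path: "manage", component: "ManageComponent", permissions: parentPermissions,
  children: [{ path: "sso", component: "SsoComponent" }],
}];

// After: SsoComponent carries its own guard, so manageSso is always required.
// Assumption: the parent list still admits manageSso-only users.
const routesAfter: Route[] = [{
  path: "manage", component: "ManageComponent", permissions: parentPermissions,
  children: [{ path: "sso", component: "SsoComponent", permissions: ["manageSso"] }],
}];

const manager: Permission[] = ["managePolicies"]; // constructed sample user
console.log("before:", canNavigate(routesBefore, ["manage", "sso"], manager));
console.log("after: ", canNavigate(routesAfter, ["manage", "sso"], manager));
```

A regression test for this change would request the SSO URL directly with a user who lacks `manageSso`, since the hidden button does not exercise the guard.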