buerokratt / Buerokratt-Chatbot


A user can access parts that he has no rights to #547

Open ValterAro opened 6 months ago

ValterAro commented 6 months ago

Short summary: There are no restrictions preventing the various roles from going to other modules when they know the URL. For example, as an analyst I can only see the Analytics module in the menu, but if I type https://admin.dev.buerokratt.ee/chat/users I can go and give myself all the rights.

Expected result: access to specific modules should be based on the role, and the person should not be able to just use the URL. Also, only an administrator should be able to assign roles.

Pics:

As an analyst I go to the .../chat/users URL. (image)

In ../chat/users I am like an admin and can do the same things as an admin. (image)
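The fix the report asks for is a server-side, deny-by-default check that decides from the role and the requested URL, not from which menu entries are shown. The following is an added illustration, not Buerokratt's own code; the role names, module paths and the allow lists are constructed assumptions standing in for the project's real permission matrix.

```javascript
// Added example (not Buerokratt's own code): deny-by-default role check for
// admin routes. Role names and the module matrix are constructed assumptions.

// Which roles may use which module path prefix. Anything not listed is denied.
const MODULE_ACCESS = {
  '/analytics': ['administrator', 'analyst'],
  '/chat/users': ['administrator'],                 // user management: admins only
  '/chat/active': ['administrator', 'customer-support-agent'],
};

// Actions that are restricted more tightly than the module they live in.
const ACTION_ACCESS = {
  'assign-role': ['administrator'],
};

// Normalise the path so trailing slashes or "." / ".." segments cannot make
// a request fall outside the prefix match and be evaluated against the wrong entry.
function normalisePath(path) {
  const parts = [];
  for (const seg of path.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { parts.pop(); continue; }
    parts.push(seg);
  }
  return '/' + parts.join('/');
}

// True only if a listed module prefix matches AND the role is on its allow list.
// The menu is never consulted; the role and the URL alone decide.
function canAccessModule(role, path) {
  const p = normalisePath(path);
  for (const [prefix, roles] of Object.entries(MODULE_ACCESS)) {
    if (p === prefix || p.startsWith(prefix + '/')) return roles.includes(role);
  }
  return false;
}

// Role assignment is checked separately from page access, so even a role that
// may open the users module cannot grant rights unless it is listed here.
function canPerformAction(role, action) {
  return (ACTION_ACCESS[action] || []).includes(role);
}

// The decision a server-side middleware makes before serving any admin route.
function authorize(req) {
  if (!canAccessModule(req.role, req.path)) return { status: 403, reason: 'module not permitted for role' };
  if (req.action && !canPerformAction(req.role, req.action)) return { status: 403, reason: 'action not permitted for role' };
  return { status: 200 };
}
```

Because the check runs on the server for every request, the analyst scenario from the report (typing the users URL directly) ends in a 403 regardless of what the menu hides.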

turnerrainer commented 6 months ago

@ValterAro please provide a matrix of Modules and their functionalities linked to user's permissions.

ValterAro commented 6 months ago

@turnerrainer The table of user permissions should look like this. An X marks which parts the specific user should have access to. (image)

ffrose commented 4 months ago

Works as intended.