search

gravitee-io / issues

Gravitee.io - API Platform - Issues
65 stars 26 forks source link

[APIM] Improve permission granulation on environment settings #9189

Closed Okhelifi closed 1 year ago

Okhelifi commented 1 year ago

Describe the bug :

The behavior on roles/permissions is not working as expected when granular permissions are added for the environment settings.

To Reproduce :

Steps to reproduce the behaviour:

Make a role that has (for example) permission to see Dictoinaries.

This role has to have Settings permission to see the main settings menu button.

See multiple options visible in the settings submenu.

Expected behaviour :

The expected behavior is, the settings menu button shows up for all users that have permission to see a submenu item of the settings menu, such as Dictionaries or Groups. The user should only have permission allowed on the submenu item without the need of adding the "settings" permission to see the menu. In this way, when user is granted for example permission to read Dictionaries, the settings button will appear to them, and when they click on it, only Dictionaries will show up in the submenu. Other options are not expected to show, since the user is not expected to see those settings.

Current behaviour :

The settings menu will not show if the settings permission is not given, while giving this permission allows users to see extra settings that they should not.

Desktop :

Environment: [e.g. 3.20.14]

Browser [e.g. chrome, safari]

Okhelifi commented 1 year ago

Closed as it's a duplicate of #9150