MariusJulius
commented
6 months ago Edge case - not really an issue. Simplest - force logout, but user who as work in progress can lose it.
Open plakitkelly opened 7 months ago
MariusJulius
commented
6 months ago Edge case - not really an issue. Simplest - force logout, but user who as work in progress can lose it.
Before: If user had main user privileges and he was logged in and at the same time the privileges are changed (eg main user -> client role, or add/remove any privilege), then that user couldn't perform actions for which he no longer had rights. Eg: user had main user role and he was logged in then role changed to client role this user could also see, for example, Kasutajate haldus button, but couldn't click it after the refresh, these buttons disappeared and he couldn't no longer acces them
Or He had translator role and it changed to main user, other buttons appeared after refresh
Now: If user has main user role and it changed to translator role. He still can do actions for which he no longer has rights. Buttons doesn't disappear even after refresh. And he still can activate users, add/edit/remove roles (I only tested these actions) In my case, before this user had main user role, then I assign only view_vendor_db, view vendor tasks, view pricelist privileges. And when I tried to create new order, system said only that I can't be client for this project but I was able to create new order.
Now the system checks privileges only when logging in, not while logged in