Closed adambarreiro closed 1 year ago
Closing this PR as I think this was a misunderstanding from my side, as the affected flag is used more like "IsSystemOrg" rather than to detect that it is the System Administrator with all its rights. If one searches throughout the code this behaviour can be seen, so this PR doesn't make any sense.
Problem
Currently, to determine the `IsSysAdmin` property from the VCDClient struct, we just compare the current logged in user's Organization; if it's System, we say it is a System Administrator:

This assumption is wrong, as one can have a user in System that doesn't have the System Administrator role. Some examples:
Solution
The solution is tricky. Let's review some discarded options:
The implemented solution starts from this last idea: it has all the rights. We need to compare the rights of "System Administrator", which has every single one of them and is a read-only role, with the role of the logged in user.
So in the solution we get role and rights from the user, then "System Administrator" role and rights, and compare their length. If it's the same, then it is a SysAdmin.
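
The two checks described above, side by side, as an added Go example that is not the project's code: `Role`, `User` and the right names are hypothetical stand-ins with constructed values, not go-vcloud-director types. It goes slightly beyond the description by also comparing rights by name, not only by count.

```go
package main

import "fmt"

// Role and User are hypothetical stand-ins, not go-vcloud-director types.
type Role struct {
	Name   string
	Rights []string
}

type User struct {
	Org  string
	Role Role
}

// IsSystemOrg is the org-only check from the Problem section.
func IsSystemOrg(u User) bool { return u.Org == "System" }

// SameRightsCount is the length comparison from the Solution section.
func SameRightsCount(u User, sysAdmin Role) bool {
	return len(u.Role.Rights) == len(sysAdmin.Rights)
}

// HasAllRights is stricter: every System Administrator right must be present by name.
func HasAllRights(u User, sysAdmin Role) bool {
	have := make(map[string]bool, len(u.Role.Rights))
	for _, r := range u.Role.Rights {
		have[r] = true
	}
	for _, r := range sysAdmin.Rights {
		if !have[r] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample data: right names are placeholders.
	sysAdmin := Role{Name: "System Administrator", Rights: []string{"right-a", "right-b", "right-c"}}
	users := []User{
		{Org: "System", Role: sysAdmin},
		{Org: "System", Role: Role{Name: "custom-limited", Rights: []string{"right-a"}}},
	}
	for _, u := range users {
		fmt.Printf("%-20s systemOrg=%v sameCount=%v allRights=%v\n",
			u.Role.Name, IsSystemOrg(u), SameRightsCount(u, sysAdmin), HasAllRights(u, sysAdmin))
	}
}
```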