Skip to content

UI shows edit operations when it shouldn't when Owner Only access control is enabled #4238

New issue
New issue
Open
Open
UI shows edit operations when it shouldn't when Owner Only access control is enabled#4238
Assignees
EricWittmann
Labels
area/autharea/uipriority/lowtype/bugSomething isn't working
Milestone
 
3.x
@EricWittmann

Description

@EricWittmann
EricWittmann
opened on Jan 22, 2024

Description

Registry Version: All
Persistence Type: All

When owner-only access is enabled, the UI doesn't properly hide edit operations from users who shouldn't have access to those operations. The IfAuth UI guard should be checking whether owner-only access is enabled and doing a slightly different check in the impl when it is. Currently it doesn't, so users with Dev access will see edit operations for artifacts they don't own. Those operations will FAIL if they try them (good) but the UI should know enough to hide them.

Environment

All

Steps to Reproduce

  1. Enable owner-only access.
  2. User 1 creates an artifact
  3. User 2 logs in to the UI and sees edit operations (new version, delete, etc) for User 1's artifact

Expected vs Actual Behaviour

UI should hide operations on artifacts when we know those operations will not succeed due to auth.

Logs

N/A

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

area/autharea/uipriority/lowtype/bugSomething isn't working

Type

No type

Projects

Registry 3.0

  • Status

    Backlog

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions