mirror of https://github.com/Unleash/unleash.git (synced 2025-01-06 00:07:44 +01:00), commit e9d9db17fe
In order to prevent users from being able to assign roles/permissions they don't have, this PR adds a check that the user performing the action either is Admin, Project owner or has the same role they are trying to grant/add. This addAccess method is only used from Enterprise, so there will be a separate PR there, updating how we return the roles list for a user, so that our frontend can only present the roles a user is actually allowed to grant. This adds the validation to the backend to ensure that even if the frontend thinks we're allowed to add any role to any user here, the backend can be smart enough to stop it. We should still update the frontend as well, so that it doesn't look like we can add roles we won't be allowed to.
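The rule the commit message describes (a caller may only grant a role if they are Admin, the project's owner, or already hold that role) is easy to get subtly wrong, for example by validating only the roles the frontend offered, or by writing some roles before rejecting the rest. The following is an added illustration, not Unleash's own addAccess implementation: the role ids, the `Actor` shape, and the in-memory store are assumptions made for this example, and it shows the check being enforced server-side and before any write happens.

```typescript
// Added example (not Unleash code): backend-side validation that a user
// cannot grant a project role they do not themselves hold.

type RoleId = number;
type ProjectId = string;
type UserId = number;

// Hypothetical role identifiers for this example only.
const ADMIN_ROLE: RoleId = 1;
const OWNER_ROLE: RoleId = 4;
const MEMBER_ROLE: RoleId = 5;

interface Actor {
  id: UserId;
  isAdmin: boolean;                            // root Admin, may grant anything
  projectRoles: Record<ProjectId, RoleId[]>;   // roles the actor holds per project
}

class PermissionError extends Error {}

// Store shape (assumed): projectId -> userId -> set of role ids granted.
type AccessStore = Map<ProjectId, Map<UserId, Set<RoleId>>>;

// May `actor` grant `roleId` in `projectId`?
//   - Admin: yes
//   - Project owner: yes
//   - otherwise: only if the actor already holds that exact role there
function canGrantRole(actor: Actor, projectId: ProjectId, roleId: RoleId): boolean {
  if (actor.isAdmin) return true;
  const held = actor.projectRoles[projectId] ?? [];
  if (held.includes(OWNER_ROLE)) return true;
  return held.includes(roleId);
}

// Grant `roles` to `targetUserId`. Every requested role is validated
// against the actor BEFORE any write, so a rejected request leaves the
// store untouched rather than partially applied. This runs regardless of
// what the frontend offered, which is the point of doing it server-side.
function addAccess(
  actor: Actor,
  projectId: ProjectId,
  roles: RoleId[],
  targetUserId: UserId,
  store: AccessStore,
): void {
  const denied = roles.filter((r) => !canGrantRole(actor, projectId, r));
  if (denied.length > 0) {
    throw new PermissionError(
      `user ${actor.id} may not grant role(s) ${denied.join(',')} in project ${projectId}`,
    );
  }
  let project = store.get(projectId);
  if (!project) {
    project = new Map();
    store.set(projectId, project);
  }
  let granted = project.get(targetUserId);
  if (!granted) {
    granted = new Set();
    project.set(targetUserId, granted);
  }
  for (const r of roles) granted.add(r);
}

// Helper for inspection in usage/tests.
function rolesOf(store: AccessStore, projectId: ProjectId, userId: UserId): RoleId[] {
  return [...(store.get(projectId)?.get(userId) ?? [])].sort((a, b) => a - b);
}
```

Usage: a plain member of project `p1` can call `addAccess` with `[MEMBER_ROLE]`, but a request for `[MEMBER_ROLE, OWNER_ROLE]` throws `PermissionError` and grants nothing, including the member role it would otherwise have been allowed to add; an Admin or the project owner passes every check. Keeping the decision in one predicate (`canGrantRole`) also makes it the natural place to compute the list of grantable roles the commit message says the frontend should show.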