Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user permission on Projects API #5048

Merged
merged 6 commits into from
Apr 21, 2022
Merged

Fix user permission on Projects API #5048

merged 6 commits into from
Apr 21, 2022

Conversation

Aadesh-Baral
Copy link
Contributor

@Aadesh-Baral Aadesh-Baral commented Mar 20, 2022
edited
Loading

fixes #5047 and other permission issues on API.
It Fixes the following permission issue:

Function Current Permission Changes Permission to
Adds a comment to the task outside of mapping/validation Blocked users can also add a comment outside of mapping/validation Blocked users have read-only access
Send messages to all contributors of a project at once Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Set a project as featured Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Unset a project as featured Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Creates a relationship between project and interests Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Assign a campaign for a project Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Delete a campaign for a project Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Assign a team to a project Manager of any team Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Update the role of a team on a project Manager of any team Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Deletes the specified team project assignment Manager of any team Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Map all tasks on a project Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Validate all mapped tasks on a project Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Invalidate all mapped tasks on a project Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Set all bad imagery tasks as ready for mapping Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access
Reset all tasks on the project back to ready, preserving history Any user Limited to TM Admins, Org Admins, Project Author, and Teams with PM, access

@Aadesh-Baral
Copy link
Contributor Author

Found the same issues on other Projects APIs. So this PR needs an update to address them as well. Drafting this for now

@Aadesh-Baral Aadesh-Baral marked this pull request as draft March 21, 2022 04:24
@Aadesh-Baral Aadesh-Baral changed the title Fix user permission on ProjectsActionsMessageContributorsAPI Fix user permission on Projects API Mar 21, 2022
@sonarcloud
Copy link

sonarcloud bot commented Apr 17, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

@Aadesh-Baral Aadesh-Baral marked this pull request as ready for review April 17, 2022 10:37
@Aadesh-Baral Aadesh-Baral merged commit b07d369 into hotosm:develop Apr 21, 2022
@Aadesh-Baral Aadesh-Baral deleted the 5047-update-action-permission branch April 21, 2022 05:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramyaragupathy ramyaragupathy Awaiting requested review from ramyaragupathy

Assignees
No one assigned
Labels
scope: backend scope: frontend
Projects
No open projects
Tasking Manager Roadmap 2022
Status: Deployed to production
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Only allow users with at least project manager role to send messages to all contributor of project.
1 participant
@Aadesh-Baral