-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Reaction.hasPermission's owner pass and replace instances of Roles.userIsInRole #2895
Comments
Related to, extends #2800 |
Comment arising from PR: I think there's a bit more planning to be done about how this will get merged in, because this might cause some side effects in places where hasPermission is in use.
|
@impactmass Since @foladipo is no longer here can you take this over? |
I can't at this moment, but maybe sometime in coming sprints |
@impactmass @ticean should we continue to work on this issue in the near future? |
We can close this. We were working on it in relation to #4525. |
Reaction.hasPermission currently gives global access for users with "owner" role (i.e it always returns true for owners). This means that a check like
Reaction.hasPermission("anonymous")
will returntrue
when we want it to returnfalse
.This happens because
Reaction.hasPermission
joins "owner" to the roles passed to it. We need to remove that join, so that when we check for particular role(s), we are sure that the response is really based on if user has that role.Then we need to ensure that all current usage of Reaction.hasPermission still works with this change.
After that, we proceed to replace instances of
Roles.userIsInRole
withReaction.hasPermission
.The text was updated successfully, but these errors were encountered: