Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARs and Samples from other clients are listed when logged in as contact #1013

Merged
merged 5 commits into from
Aug 30, 2018
Merged

ARs and Samples from other clients are listed when logged in as contact #1013

merged 5 commits into from
Aug 30, 2018

Conversation

xispa
Copy link
Member

@xispa xispa commented Aug 30, 2018

Description of the issue/feature this PR addresses

Although Client contacts cannot access to Analysis Requests or Sampels from other clients (Unauthorized traceback is rised), they could still see them in lists. This commit enforces to never list Analysis Requests and Samples from clients other than the contact.

Current behavior before PR

Analysis Requests and Samples from clients other than current contact are displayed in listings.

Desired behavior after PR is merged

Analysis Requests and Samples from clients other than current contact are not displayed in listings.

--
I confirm I have tested this PR thoroughly and coded it according to PEP8
and Plone's Python styleguide standards.

xispa added 3 commits August 30, 2018 17:41
@xispa
Always filter AR lists by Client when current user is a Client
6268cdf 
Although Client contacts cannot access to Analysis Requests from other
clients (Unauthorized traceback is rised), they could still see them
in lists. With this commit, we guarantee that ARs from clients other
than the contact are never displayed.
@xispa
Always filter Sample lists by Client when user is Client
f5efe8d 
Although Client contacts cannot access to Samples from other clients
(Unauthorized traceback is rised), they could still see them in lists.
With this commit, we guarantee that Samples from clients other than
the contact are never displayed.
@xispa
Update CHANGES.rst
f60b493
@xispa xispa changed the title Filter ar clientcontacts ARs and Samples from other clients are listed when logged in as contact Aug 30, 2018
ramonski
ramonski approved these changes Aug 30, 2018
View reviewed changes
Copy link
Contributor

@ramonski ramonski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Hopefully this will get better as soon as we change to membrane users and do the permissions via local roles and maybe even a placeful workflow...

@ramonski ramonski merged commit e9b448e into master Aug 30, 2018
@ramonski ramonski deleted the filter-ar-clientcontacts branch August 30, 2018 19:33
@xispa xispa mentioned this pull request Aug 30, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramonski ramonski ramonski approved these changes

Assignees
No one assigned
Labels
Bug 🐞 P0: Critical
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xispa @ramonski