Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
minerva
core
Commits
bc23a6c1
Commit
bc23a6c1
authored
Aug 22, 2019
by
Piotr Gawron
Browse files
disable editing users when curator doesnt't have write access level
parent
b85bc9bb
Changes
2
Hide whitespace changes
Inline
Side-by-side
CHANGELOG
View file @
bc23a6c1
...
...
@@ -13,6 +13,8 @@ minerva (14.0.0~beta.0) unstable; urgency=low
*
Bug
fix
:
privilege
checking
on
updating
privileges
,
data
overlays
were
not
sufficient
and
could
lead
to
access
escalation
*
Bug
fix
:
user
without
privileges
had
edit
map
input
options
enabled
*
Bug
fix
:
user
without
privileges
had
edit
map
input
options
for
managing
project
users
*
Bug
fix
:
alignment
of
tabs
fixed
for
dialogs
:
"Add Project"
,
"Edit Genome"
,
"Edit Project"
,
"Edit User"
(#
881
)
...
...
frontend-js/src/main/js/gui/admin/EditProjectDialog.js
View file @
bc23a6c1
...
...
@@ -781,12 +781,14 @@ EditProjectDialog.prototype.refreshMaps = function () {
*/
EditProjectDialog
.
prototype
.
refreshUsers
=
function
()
{
var
self
=
this
;
return
self
.
getServerConnector
().
getLoggedUser
().
then
(
function
(
user
)
{
var
curatorPrivilege
=
self
.
getConfiguration
().
getPrivilegeType
(
PrivilegeType
.
IS_CURATOR
);
var
adminPrivilege
=
self
.
getConfiguration
().
getPrivilegeType
(
PrivilegeType
.
IS_ADMIN
);
return
self
.
getServerConnector
().
getLoggedUser
().
then
(
function
(
loggedUser
)
{
var
isAdmin
=
loggedUser
.
hasPrivilege
(
self
.
getConfiguration
().
getPrivilegeType
(
PrivilegeType
.
IS_ADMIN
));
var
isCurator
=
loggedUser
.
hasPrivilege
(
self
.
getConfiguration
().
getPrivilegeType
(
PrivilegeType
.
IS_CURATOR
))
&&
loggedUser
.
hasPrivilege
(
self
.
getConfiguration
().
getPrivilegeType
(
PrivilegeType
.
WRITE_PROJECT
),
self
.
getProject
().
getProjectId
());
//we need to refresh users as well because of privileges
if
(
user
.
hasPrivilege
(
curatorPrivilege
)
||
user
.
hasPrivilege
(
adminPrivilege
)
)
{
return
ServerConnector
.
getUsers
(
true
).
then
(
function
(
users
)
{
if
(
isAdmin
||
isCurator
)
{
return
self
.
get
ServerConnector
()
.
getUsers
(
true
).
then
(
function
(
users
)
{
return
self
.
setUsers
(
users
);
});
}
else
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment