Authorization policies - check change user type permission on backend
New base persmission 'CHANGEPROJECTION' was added for secure changing identity form form projection. This permission is used on frontend only - implement validation processor on identity and check permission on backend to - lookout, permission should be evaluated just when ''UPDATE'' permission is required (prevent check for internal processes like synchronization).
#3 Updated by Radek Tomiška 11 months ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
It's implemented, commit:
Could you provide me a feedback, please?