Actions
Defect #2623
closedUser with READ permission on IdmIdentity or IdmRole can invoke recertification
Start date:
12/18/2020
Due date:
% Done:
100%
Estimated time:
Affected versions:
Owner:
Description
All users, who have READ permission on either IdmIdentity or IdmRole can execute bulk action for role recertification. This was not intended behavior. Only users with RecRecertificationAction should be able to execute recertification bulk action. See https://wiki.czechidm.com/devel/documentation/modules_rec/adm/security
Related issues
Updated by Radek Tomiška over 3 years ago
- Affected versions 1.0.0 added
- Affected versions deleted (
2.1.0)
Updated by Vladimír Kotýnek over 3 years ago
- Priority changed from Normal to Urgent
Updated by Radek Tomiška over 3 years ago
- Status changed from New to In Progress
- Assignee set to Radek Tomiška
Updated by Radek Tomiška over 3 years ago
- Related to Task #1981: Separate Remove from other menu items in identity bulk actions added
Updated by Radek Tomiška over 3 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
I added missing authority check on backend, commit:
https://git.bcvsolutions.eu/modules/recertification/-/commit/2ce20e3de767be8ce62c054c63556f5f7a11cae7
I released version 2.2.0, available here:
https://nexus.bcvsolutions.eu/#browse/browse:maven-releases:eu%2Fbcvsolutions%2Fidm%2Fidm-rec%2F2.2.0
Updated by Radek Tomiška over 3 years ago
- Related to Defect #2625: Bulk action - disabled actions are visible added
Actions