Actions
Task #2863
openDon't allow users to delete (cancel) the role requests which they didn't create
Status:
New
Priority:
Low
Assignee:
Vít Švanda
Category:
Authentication / Authorization
Target version:
-
Start date:
06/25/2021
Due date:
% Done:
0%
Estimated time:
Owner:
Description
Tested on version 11.
By default, the users may delete (cancel) an open role request, which they didn't create.
Example:
By default, the users may delete (cancel) an open role request, which they didn't create.
Example:
- manager adds some role to the user
- there is some error on the system
- both the user and the manager may delete the request
It would be more safe if the user couldn't delete the request, if they didn't create it themselves.
Files
Actions