Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes "some item edit pages are accessible by anonymous users" #2632

Merged
merged 3 commits into from
Nov 13, 2023
Merged

Fixes "some item edit pages are accessible by anonymous users" #2632

merged 3 commits into from
Nov 13, 2023

Conversation

vNovski
Copy link
Contributor

@vNovski vNovski commented Nov 13, 2023
edited by tdonohue
Loading

References

Fixes #2609

Description

Users without the necessary authorizations (and especially anonymous users) should not have access to administrator pages.
Instead, they should be redirected to the login page, or be shown a 403 page.

Instructions for Reviewers

Admin:

  • When accessing "/edit/access-control" as the administrator, we navigate successfully.

  • When accessing "/edit/curate" as the administrator, we navigate successfully.

Anonymous users:

  • If in the url the page the name "/edit/access-control"

  • The page automatically redirects to the login page

  • If in the url the page the name "/edit/curate"

  • The page automatically redirects to the login page

Checklist

  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes ESLint validation using yarn lint
  • My PR doesn't introduce circular dependencies (verified via yarn check-circ-deps)
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
  • If my PR fixes an issue ticket, I've linked them together.

@tdonohue
Copy link
Member

@vNovski : This appears to be related to #2609 (which is assigned to @atarix83 ). Is that correct? If so, I'd love to consider this for 7.6.1 (due this week), but I cannot do so until the PR is taken out of "Draft" status. Please let me know when this is ready for review. Thanks!

@vNovski vNovski marked this pull request as ready for review November 13, 2023 16:01
@atarix83
Copy link
Contributor

@tdonohue

ready to be reviewed

@tdonohue tdonohue added bug 1 APPROVAL pull request only requires a single approval to merge high priority authorization related to authorization, permissions or groups ux User Experience related works labels Nov 13, 2023
@tdonohue tdonohue self-requested a review November 13, 2023 16:54
@tdonohue tdonohue added the port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release label Nov 13, 2023
@tdonohue tdonohue changed the title Duracom 202 some item edit pages are accessible by anonymous users Fixes "some item edit pages are accessible by anonymous users" Nov 13, 2023
tdonohue
tdonohue approved these changes Nov 13, 2023
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks @vNovski ! I've tested this today and it fixes the bug. The code looks good as well.

@tdonohue tdonohue merged commit e99fff8 into DSpace:main Nov 13, 2023
11 checks passed
@dspace-bot dspace-bot mentioned this pull request Nov 13, 2023
Merged
@dspace-bot
Copy link
Contributor

Successfully created backport PR for dspace-7_x:

@tdonohue tdonohue added this to the 8.0 milestone Nov 13, 2023
@tdonohue tdonohue removed the port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release label Nov 13, 2023
@tdonohue tdonohue mentioned this pull request Jan 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdonohue tdonohue tdonohue approved these changes

Assignees

@vNovski vNovski

Labels
1 APPROVAL pull request only requires a single approval to merge authorization related to authorization, permissions or groups bug high priority ux User Experience related works
Projects
No open projects
DSpace 8.0 Release
Status: ✅ Done
Milestone
8.0
Development

Successfully merging this pull request may close these issues.

Some Item edit pages are accessible by anonymous users
4 participants
@vNovski @tdonohue @atarix83 @dspace-bot