Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear session of user on permission change #2205

Open
janno42 opened this issue Jun 3, 2024 · 2 comments · May be fixed by #2355
Open

Clear session of user on permission change #2205

janno42 opened this issue Jun 3, 2024 · 2 comments · May be fixed by #2355
Assignees
Labels
[C] Backend Focuses on backend implementation [P] Medium Medium priority [S] Small This issue should require only small changes. [T] Bug This is a bug. We don't like it. Please get rid of it.
Milestone

Comments

@janno42
Copy link
Member

janno42 commented Jun 3, 2024

When removing manager or reviewer permissions from a user, that user's session should be cleared.
Currently, logging in with a user who was a reviewer and previously used Staff mode fails with an AssertionError:

File "/opt/evap/evap/staff/staff_mode.py", line 56, in update_staff_mode
    assert request.user.has_staff_permission
@janno42 janno42 added [C] Backend Focuses on backend implementation [P] Medium Medium priority [T] Bug This is a bug. We don't like it. Please get rid of it. [S] Small This issue should require only small changes. labels Jun 3, 2024
@janno42 janno42 added this to the Summer 2024 milestone Jun 3, 2024
@richardebeling
Copy link
Member

I guess it would suffice to just reset the attribute in the session that determines whether staff mode is active, so they don't have to log in again?

@niklasmohrin
Copy link
Member

Or would it be better to make the middleware redirect them to normal mode if they don't have the permission (anymore) ?

@janno42 janno42 modified the milestones: Summer 2024, Winter 2024 Oct 7, 2024
@ybrnr ybrnr linked a pull request Dec 16, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[C] Backend Focuses on backend implementation [P] Medium Medium priority [S] Small This issue should require only small changes. [T] Bug This is a bug. We don't like it. Please get rid of it.
Development

Successfully merging a pull request may close this issue.

4 participants