Feature Request: Permissions system overhaul / Enhance role enforcement for all pages #530

Open
wrongecho opened this issue Dec 29, 2022 · 3 comments

@wrongecho
Collaborator

wrongecho commented Dec 29, 2022

All pages (including reports) should have good role enforcement. If a page is hidden from the menu, it shouldn't be accessible just because you know a valid URL.

--

Getting lots of interest in this on the forum: https://forum.itflow.org/d/50-user-permissions & https://forum.itflow.org/d/243-feature-request-limit-technician-access-to-clients/6

My thoughts are here

@wrongecho wrongecho self-assigned this Dec 29, 2022
@wrongecho wrongecho added the enhancement New feature or request label Dec 29, 2022
@johnnyq johnnyq added this to the 1.0 milestone Jan 3, 2023
@wrongecho wrongecho changed the title Feature Request: Enhance role enforcement for all pages Feature Request: Permissions system overhauld / Enhance role enforcement for all pages Oct 8, 2023
@wrongecho wrongecho changed the title Feature Request: Permissions system overhauld / Enhance role enforcement for all pages Feature Request: Permissions system overhaul / Enhance role enforcement for all pages Oct 8, 2023
@wrongecho
Collaborator Author

Removing from 1.0

@wrongecho wrongecho removed this from the 1.0 milestone Nov 25, 2023
@wrongecho wrongecho linked a pull request May 26, 2024 that will close this issue
@wrongecho wrongecho removed a link to a pull request May 26, 2024
@wrongecho
Collaborator Author

On the back of this forum post, we probably need to consider having 2 or more "modules" for permissions to reports, too (tech and financial maybe?).

wrongecho pushed a commit that referenced this issue Sep 14, 2024
2nd attempt at this one!
Similar to #1008 but separately defining the roles, modules and associated permissions in the database.
Also has admin being a defined role automatically having full access.

Parent issue: #530
@wrongecho
Collaborator Author

We need a way to enforce access to client for edits and deletes too since we added back the ability to hide clients from users.
Simple way is probably to ensure client_id is always the get/post variable name (sometimes we use other things) and do the check off that at the start of POST.

@wrongecho wrongecho linked a pull request Sep 28, 2024 that will close this issue
@wrongecho wrongecho removed a link to a pull request Sep 28, 2024
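
The checks discussed in this thread (role enforcement on every page, role/module permissions with admin having full access, and a `client_id` check at the start of POST), shown together as an added example. This is not ITFlow's code: the role names, module names, permission levels, function names and in-memory arrays are hypothetical stand-ins for the database tables.

```php
<?php
declare(strict_types=1);

// Added example, not ITFlow's code; names and data are hypothetical stand-ins.
const LEVEL_NONE = 0;
const LEVEL_READ = 1;
const LEVEL_WRITE = 2;
const ROLE_MODULES = [
    'technician' => ['support' => LEVEL_WRITE, 'report_tech' => LEVEL_READ],
    'accountant' => ['financial' => LEVEL_WRITE, 'report_financial' => LEVEL_READ],
];

function role_level(string $role, string $module): int
{
    if ($role === 'admin') {
        return LEVEL_WRITE; // admin is a defined role with full access
    }
    return ROLE_MODULES[$role][$module] ?? LEVEL_NONE; // unknown pair: deny
}

// Called at the top of every page and POST handler, before any other work.
function authorize(array $user, string $module, int $needed, array $request): bool
{
    if (role_level($user['role'], $module) < $needed) {
        return false; // a hidden menu entry is not a control; this check is
    }
    if (!array_key_exists('client_id', $request)) {
        return true; // not client-scoped; a handler using another name skips the check below
    }
    $id = filter_var($request['client_id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        return false; // non-integer or array value: deny
    }
    // Assumption: null means the user has no client restriction.
    return $user['role'] === 'admin' || $user['clients'] === null
        || in_array($id, $user['clients'], true);
}

$tech = ['role' => 'technician', 'clients' => [3, 7]]; // constructed user
$cases = [ // constructed requests
    ['support', LEVEL_WRITE, ['client_id' => '3']],      // visible client
    ['support', LEVEL_WRITE, ['client_id' => '9']],      // client hidden from this user
    ['report_financial', LEVEL_READ, []],                // report URL typed directly
    ['support', LEVEL_WRITE, ['client_id' => ['3']]],    // malformed parameter
];
foreach ($cases as [$module, $needed, $request]) {
    $ok = authorize($tech, $module, $needed, $request);
    echo $module, ' ', json_encode($request), ' => ', $ok ? 'allow' : 'deny', PHP_EOL;
}
```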