Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

UI: record edition page can be opened by a user which does not have the permission #1600

Closed
nharraud opened this issue Dec 14, 2017 · 0 comments · Fixed by #1802
Closed

UI: record edition page can be opened by a user which does not have the permission #1600

nharraud opened this issue Dec 14, 2017 · 0 comments · Fixed by #1802
Labels
Bug UI
Milestone
backlog

Comments

@nharraud
Copy link
Contributor

Problem:
A user who does not have the right to edit a record can still see the page for editing a published record metadata: http://<HOSTNAME>/records/<ID>/edit

Level: Minor issue
This is a minor issue as the user would have to copy paste the URL to the edition page. There is no button displayed on the record page to edit it. Also when the user tries to save the REST API correctly refuses with a 403 error.
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Bug UI
Projects
None yet
Milestone
backlog
Development

Successfully merging a pull request may close this issue.

Update root schema hevp/b2share
2 participants
@emanueldima @nharraud