Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Restrict partner-user-management to bank org admins #4458

Open
1 task
awwaiid opened this issue Jun 19, 2024 · 1 comment · May be fixed by #4468
Open
1 task

Restrict partner-user-management to bank org admins #4458

awwaiid opened this issue Jun 19, 2024 · 1 comment · May be fixed by #4468

Comments

@awwaiid
Copy link
Collaborator

awwaiid commented Jun 19, 2024

Summary

We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.

Things to consider

No response

Criteria for Completion

  • When logged in as a bank non-admin user, you should get a permission denied error when navigating to /partners/ID/users
@awwaiid awwaiid mentioned this issue Jun 19, 2024
Merged
@napster235 napster235 linked a pull request Jun 21, 2024 that will close this issue
Open
@cielf
Copy link
Collaborator

cielf commented Aug 25, 2024

Status: There is an open PR that needs some work on fixing tests to push it over the line.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[4458] - Restrict non admins to partner users napster235/human-essentials
2 participants
@awwaiid @cielf