🔒️(back) don't allow an owner to change or delete other owner accesses #869

Closed
wants to merge 1 commit into from

@lunika lunika commented Apr 14, 2025

Purpose

Owner accesses cannot be modified or deleted by other owners. Only the current owner can modify and delete its own access.

Proposal

  • 🔒️(back) don't allow an owner to change or delete other owner accesses

@lunika lunika added the bug and backend labels Apr 14, 2025
@lunika lunika requested review from sampaccoud, qbey and Copilot April 14, 2025 15:26
@lunika lunika self-assigned this Apr 14, 2025
@Copilot Copilot AI left a comment

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (2)

src/backend/core/tests/documents/test_api_document_accesses.py:1042

  • Consider adding tests for team ownership deletion once team-based owner access is implemented to ensure complete coverage of all access control scenarios.
pytest.skip("Implement when team ownership is implemented")

src/backend/core/models.py:1118

  • [nitpick] Consider adding parentheses in the can_delete condition to enhance readability and clarify the intended logic.
# An owner can only delete its own access if other owners exist

Owner accesses cannot be modified or deleted by other owners. Only
the current owner can modify and delete its own access.
@lunika lunika force-pushed the fix/owner-access-check branch from 693e8bc to 06b8a09 Compare April 14, 2025 15:52
lunika commented Apr 15, 2025

As discussed with @rl-83, the issue is not in the back application. The business logic implemented in the back application is the one expected. The front does not reflect the abilities returned by the access API.

@lunika lunika closed this Apr 15, 2025