Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changing behavior for editing accesses #404

Merged
merged 4 commits into from
Jan 20, 2023
Merged

Changing behavior for editing accesses #404

merged 4 commits into from
Jan 20, 2023

Conversation

Fancien
Copy link
Collaborator

@Fancien Fancien commented Jan 20, 2023

Changed the rules to edit accesses:

  • Now, anyone with EDIT permission on a dataset can can modify its accesses. Previously, only data stewards and local custodians could access the form to edit accesses
  • Now, only data stewards can modify active accesses. There was no specific protection for active accesses previously

HesamKorki
HesamKorki approved these changes Jan 20, 2023
View reviewed changes
Copy link
Member

@HesamKorki HesamKorki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested on my local setup. seems to be fulfilling 👍🏻

vildead
vildead reviewed Jan 20, 2023
View reviewed changes
web/views/access.py
@@ -89,13 +90,19 @@ class AccessEditView(CheckerMixin, UpdateView, AjaxViewMixin):
permission_target = 'dataset'

def form_valid(self, form):
"""If access status is Active, only data stewards can edit it"""
original_object = self.model.objects.get(pk=self.object.id)
if original_object.status == StatusChoices.active and not self.request.user.is_part_of(Groups.DATA_STEWARD.value):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isnt it the same validation as on line 102?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah. sorry. Now I see. First is the form as such, second is just status field ;)

@vildead
Copy link
Member

vildead commented Jan 20, 2023

works as a charm

@vildead vildead merged commit 0857fd4 into develop Jan 20, 2023
@vildead vildead mentioned this pull request Feb 14, 2023
Closed
@vildead vildead deleted the bugfix-permissions-edit-access branch July 10, 2024 09:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vildead vildead vildead left review comments

@HesamKorki HesamKorki HesamKorki approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Fancien @vildead @HesamKorki