[MGNLUI-316] Prevent users from deleting themselves Created: 03/Dec/12 Updated: 16/Aug/13 Resolved: 16/Jul/13 |
|
| Status: | Closed |
| Project: | Magnolia UI |
| Component/s: | security app |
| Affects Version/s: | 5.0 |
| Fix Version/s: | 5.1 |
| Type: | Task | Priority: | Critical |
| Reporter: | Federico Grilli | Assignee: | Jozef Chocholacek |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoR: |
Empty
|
||||||||
| Date of First Response: | |||||||||
| Comments |
| Comment by Jozef Chocholacek [ 12/Jul/13 ] |
|
Well, the user cannot delete himself, such action throws ERROR info.magnolia.ui.framework.action.DeleteItemAction: Could not execute repository operation info.magnolia.cms.security.AccessDeniedException: Exception occurred while checking permissions for /admin/username with permission remove ... But there is no notification nor error message about that exception, so the action fails without any sign (just the error message in the log). I am going to create an AvailabilityRule to limit the availability of the Delete action only to users different from the currently logged one. |
| Comment by Jozef Chocholacek [ 12/Jul/13 ] |
|
The Jira integration does not work ATM< so here is the commit: https://git.magnolia-cms.com/gitweb/?p=magnolia_ui.git;a=commit;h=ff47b3b4dd13300db60c79d7326a006f9e87e8d8 |
| Comment by Mikaël Geljić [ 16/Jul/13 ] |
|
| Comment by Mikaël Geljić [ 16/Jul/13 ] |
|