[MGNLUI-316] Prevent users from deleting themselves Created: 03/Dec/12  Updated: 16/Aug/13  Resolved: 16/Jul/13

Status: Closed
Project: Magnolia UI
Component/s: security app
Affects Version/s: 5.0
Fix Version/s: 5.1

Type: Task Priority: Critical
Reporter: Federico Grilli Assignee: Jozef Chocholacek
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-158 adminCentral: User: I can delete myself Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Comments   
Comment by Jozef Chocholacek [ 12/Jul/13 ]

Well, the user cannot delete himself, such action throws

ERROR info.magnolia.ui.framework.action.DeleteItemAction: Could not execute repository operation
info.magnolia.cms.security.AccessDeniedException: Exception occurred while checking permissions for /admin/username with permission remove
...

But there is no notification nor error message about that exception, so the action fails without any sign (just the error message in the log).

I am going to create an AvailabilityRule to limit the availability of the Delete action only to users different from the currently logged one.

Comment by Jozef Chocholacek [ 12/Jul/13 ]

The Jira integration does not work ATM< so here is the commit: https://git.magnolia-cms.com/gitweb/?p=magnolia_ui.git;a=commit;h=ff47b3b4dd13300db60c79d7326a006f9e87e8d8

Comment by Mikaël Geljić [ 16/Jul/13 ]
  • register delta against 5.1, not 5.1.0 (as for 4.5 or 5.0 in CoreMVH)
  • rename test method accordingly
  • minor phrasing/typo in IsNotCurrentUserRule
    • in class javadoc, either "that the item does not represent the current user." or "whether the item represents the current user."
    • log line 62, should be "verifying".
Comment by Mikaël Geljić [ 16/Jul/13 ]
  • sorry we don't allow underscores in method names, even in test method names, as per our coding conventions :/ (updateTo5_1* should be updateTo51)
Generated at Mon Feb 12 08:35:41 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.