Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do we need 2 sets of permission labels for adding comments ? #961

Closed
atodorov opened this issue Jun 6, 2019 · 0 comments
Closed

Do we need 2 sets of permission labels for adding comments ? #961

atodorov opened this issue Jun 6, 2019 · 0 comments
Labels
refactoring

Comments

@atodorov
Copy link
Member

atodorov commented Jun 6, 2019

From the discussion in #946

ATM it is not clear if we only need the django_comments.add_comment permission or also permissions to modify other objects because nothing checks for that on the back end.
OTOH how do I add a comment to a TestExecution if I am not allowed to change this TE? Technically these are separate tables in DB but the user experience is different.

On one hand we can modify the related object as stand alone without being able to modify the parent object, e.g. add comment, don't modify TE.

OTOH we could bind the two together and require that a user would only be able to add comments only if they can modify the parent object, e.g. check 2 permission labels.

Note: there's at least 3 places where we work with comments:

  • API method TestExecution.add_comment
  • UI workflow TestExecution -> add comment form
  • Test case review workflow.

Not sure if there are other places where we can add comments. This is probably going to become clear once #959 and #960 are resolved.

CC @SvetlomirBalevski.
atodorov added a commit that referenced this issue Nov 26, 2019
@atodorov
Check for permissions in HTML template. Closes #961
97e8384 
RPC methods which add comments only need 1 permission so should
HTML templates. Adding comments (reviewing a TC) is independent
action and in theory you could have a very limited User/Group
which is allowed to do only this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
refactoring
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@atodorov @ivo0126