Skip to content

Fix for Issue #560 Don't return members to user without enough permission #569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 11, 2020
Merged

Fix for Issue #560 Don't return members to user without enough permission #569

merged 3 commits into from
May 11, 2020

Conversation

@gets0ul
Copy link
Contributor

@gets0ul gets0ul commented May 6, 2020

Only return members with project object in these GET /projects and GET /projects/{id} endpoints if user has permission READ_PROJECT_MEMBER.

@gets0ul
Only return members with project object in these GET /projects and GE…
8b51873 
…T /projects/{id} endpoints if user has permission READ_PROJECT_MEMBER.
@maxceem maxceem self-requested a review May 8, 2020 04:36
maxceem
maxceem suggested changes May 8, 2020
View reviewed changes
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gets0ul it works good, the only thing we have to keep the existent tests should not return "email" for project members when "fields" query param is not defined (to non-admin users) and should not return "email" for project members even if it\'s listed in "fields" query param (to non-admin users). I guess they fail now, because for testing we are using a user who is invited but not a member, thus members are not returned. In such case we can adjust these test cases and use a another regular user who is a member of the project.

@gets0ul
- Fix checking project members permission logic in GET /projects endp…
1c3cd6a 
…oint.

- Revert test and use another regular user.
@gets0ul
Copy link
Contributor Author

gets0ul commented May 8, 2020

@maxceem PR is updated

@maxceem maxceem self-requested a review May 11, 2020 05:08
maxceem
maxceem approved these changes May 11, 2020
View reviewed changes
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gets0ul all good now.

@maxceem maxceem changed the base branch from hotfix/post-release-2.4.1 to feature/members-invites-permission-fixes May 11, 2020 09:35
@maxceem maxceem merged commit 6103784 into topcoder-platform:feature/members-invites-permission-fixes May 11, 2020
@maxceem maxceem mentioned this pull request May 11, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@maxceem maxceem maxceem approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gets0ul @maxceem