Skip to content

make saving for related models respect acl rules#208

Open
gregorio-michael wants to merge 5 commits intoISBX:masterfrom
gregorio-michael:hotfix/make-related-model-upsert-more-strict
Open

make saving for related models respect acl rules#208
gregorio-michael wants to merge 5 commits intoISBX:masterfrom
gregorio-michael:hotfix/make-related-model-upsert-more-strict

Conversation

@gregorio-michael
Copy link

No description provided.

@tma-isbx
Copy link
Contributor

Do we have an issue with the following scenario:

  • Account has RoleMappings
  • a particular user does not have permission to modify their RoleMappings
  • we post up an Account object in many of our forms, and it includes the RoleMappings that were returned by the GET

I think we expect this to succeed in updating the Account, but we should probably ignore changes to the related models that are not allowed. What do you think?

@gregorio-michael
Copy link
Author

Yes you're right actually I'm too hesitant to implement this because if the user have access to the parent model they should eventually have access to the related models right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants