-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AC-2604] Fix aggregation of CollectionGroup permissions #4097
[AC-2604] Fix aggregation of CollectionGroup permissions #4097
Conversation
EDIT: rc cut has apparently been moved so that's OK |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4097 +/- ##
=======================================
Coverage 39.07% 39.07%
=======================================
Files 1201 1201
Lines 58021 58021
Branches 5339 5339
=======================================
Hits 22670 22670
- Misses 34294 34295 +1
+ Partials 1057 1056 -1 ☔ View full report in Codecov by Sentry. |
New Issues
|
…erited-from-groups-are-inconsistent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fixing these!
…erited-from-groups-are-inconsistent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Type of change
Objective
Fix the following bug: when a user is in multiple groups, and those groups have varying levels of access to the same collection (including at least 1 group with Can Manage access), the user does not always receive Can Manage access to that collection.
This is a bug that @shane-melton picked up earlier when implementing #3793. For the CollectionGroup permissions
HidePasswords
andReadOnly
, we resolve multiple groups by taking theMIN
value - representing the most generous permissions for the user (i.e.0
, indicating that they can view passwords and edit). However, we also applied this toManage
, which gives them the least generous permissions (0
, indicating that they cannot manage).Change
MIN([Manage])
toMAX([Manage])
so that if the user has Manage permissions from 1 group, that will override the others.Code changes
Before you submit
dotnet format --verify-no-changes
) (required)