Skip to content

Comments

Remove SUPER_ADMIN req in accessory routes#207

Open
mattrabe wants to merge 1 commit intodwijitsolutions:masterfrom
mattrabe:patch-1
Open

Remove SUPER_ADMIN req in accessory routes#207
mattrabe wants to merge 1 commit intodwijitsolutions:masterfrom
mattrabe:patch-1

Conversation

@mattrabe
Copy link

@mattrabe mattrabe commented Jul 8, 2017

Re #206

@gdbhosale
Copy link
Member

gdbhosale commented Jul 15, 2017

Hello @mattrabe, Access to these routes should only be given to Super Admin.

Best Regards.

@mattrabe
Copy link
Author

mattrabe commented Jul 18, 2017

Hi @gdbhosale - There is a conflict here: we are able to give people without the SUPER_ADMIN permission access to the admin panel, and access to Create+Edit modules, but without access to these routes, those non-SUPER_ADMIN users will always receive a verification fail on @unique fields. Please see #206.

Is there already a method in place to work around this? When I look at the code it appears to be "hard-coded" to only SUPER_ADMIN, which seems to create this problem.

@gdbhosale
Copy link
Member

gdbhosale commented Jul 19, 2017

Hi,
Your problem is genuine but solution lies in moving unique check route outside SUPER_ADMIN constraints.

Will do this.

@mattrabe
Copy link
Author

mattrabe commented Jul 19, 2017

@gdbhosale That makes sense, the unique check shouldn't be grouped with the other, more secure features it would seem. I look forward to your update!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattrabe @gdbhosale