Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict partner-user-management to bank org admins #4458

Open
1 task
awwaiid opened this issue Jun 19, 2024 · 1 comment · May be fixed by #4468
Open
1 task

Restrict partner-user-management to bank org admins #4458

awwaiid opened this issue Jun 19, 2024 · 1 comment · May be fixed by #4468

Comments

@awwaiid
Copy link
Collaborator

awwaiid commented Jun 19, 2024

Summary

We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.

Things to consider

No response

Criteria for Completion

  • When logged in as a bank non-admin user, you should get a permission denied error when navigating to /partners/ID/users
@awwaiid awwaiid mentioned this issue Jun 19, 2024
Merged
@napster235 napster235 linked a pull request Jun 21, 2024 that will close this issue
Open
@cielf
Copy link
Collaborator

cielf commented Aug 25, 2024

Status: There is an open PR that needs some work on fixing tests to push it over the line.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[4458] - Restrict non admins to partner users napster235/human-essentials
2 participants
@awwaiid @cielf