You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/01/13 08:59:00 UTC

[jira] [Commented] (ISIS-3220) in simpleapp, as sven, we "recentAuditTrail" mixin action (and similar) even though have no perms to return type.

    [ https://issues.apache.org/jira/browse/ISIS-3220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17676531#comment-17676531 ] 

ASF subversion and git services commented on ISIS-3220:
-------------------------------------------------------

Commit 4cf8917c8dd71001f9f2190452446f63150d2e88 in isis's branch refs/heads/master from danhaywood
[ https://gitbox.apache.org/repos/asf?p=isis.git;h=4cf8917c8d ]

ISIS-3220: removes .drawio, have committed the .drawio.png instead


> in simpleapp, as sven, we  "recentAuditTrail" mixin action (and similar) even though have no perms to return type.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: ISIS-3220
>                 URL: https://issues.apache.org/jira/browse/ISIS-3220
>             Project: Isis
>          Issue Type: Bug
>          Components: Isis Core
>    Affects Versions: 2.0.0-M8
>            Reporter: Daniel Keir Haywood
>            Priority: Major
>             Fix For: 2.0.0-RC2
>
>
> Instead, we should have a facet that surpresses the visibliity of the action if the user has no perms to view it.
> Believe we do this for properties and collections already; so it's either a matter of extending this logic to actions, or to tracking down a bug if we already have it implemented.
> To reproduce:
> - log on to simpleapp sven, who has no perms to view AuditLogEntry, but does have access to 'recentAuditTrailEntries' mixin action.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)