You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Daniel Keir Haywood (Jira)" <ji...@apache.org> on 2022/09/26 13:20:00 UTC

[jira] [Created] (ISIS-3220) in simpleapp, as sven, we "recentAuditTrail" mixin action (and similar) even though have no perms to return type.

Daniel Keir Haywood created ISIS-3220:
-----------------------------------------

             Summary: in simpleapp, as sven, we  "recentAuditTrail" mixin action (and similar) even though have no perms to return type.
                 Key: ISIS-3220
                 URL: https://issues.apache.org/jira/browse/ISIS-3220
             Project: Isis
          Issue Type: Bug
          Components: Isis Core
    Affects Versions: 2.0.0-M8
            Reporter: Daniel Keir Haywood
             Fix For: 2.0.0-RC1


Instead, we should have a facet that surpresses the visibliity of the action if the user has no perms to view it.

Believe we do this for properties and collections already; so it's either a matter of extending this logic to actions, or to tracking down a bug if we already have it implemented.

To reproduce:

- log on to simpleapp sven, who has no perms to view AuditLogEntry, but does have access to 'recentAuditTrailEntries' mixin action.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)