Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disallow adding/editing of retrospectives for users no longer in the group #118

Open
mbramson opened this issue Mar 6, 2017 · 0 comments
Open

Disallow adding/editing of retrospectives for users no longer in the group #118

mbramson opened this issue Mar 6, 2017 · 0 comments
Labels
bug difficulty: intermediate help wanted
Milestone
Functionally comp...

Comments

@mbramson
Copy link
Contributor

mbramson commented Mar 6, 2017

Currently, if a user is no longer in a group, they can still edit retrospectives that they created while they were in that group. They can also add retrospectives for pairs they were in while they were in the group. This allows the user to view the group's projects (which they should not have access to if they are no longer in that group).

Users that are no longer in a group associated with a pair they were in should not be allowed to access the :new, :create, :edit, or :update routes for such a retrospective. They should be allowed to view the retrospective if they are no longer in the group, so they should be allowed to access the :show route for such a restrospective.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug difficulty: intermediate help wanted
Projects
None yet
Milestone
Functionally complete Groups
Development

No branches or pull requests
1 participant
@mbramson