Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MWS: Newly created users can access resources #8859

Open
Jermolene opened this issue Dec 23, 2024 · 2 comments
Open

MWS: Newly created users can access resources #8859

Jermolene opened this issue Dec 23, 2024 · 2 comments

Comments

@Jermolene
Copy link
Member

Steps to reproduce:

  1. Start with a fresh install of MWS
  2. Run npm install and npm start
  3. Visit http://127.0.0.1:8080/ in a browser
  4. Click the button "Add Admin Account"
  5. Enter suitable details for an admin account and click "Add User"
  6. Choose "Manage Users" and then add the details of a new secondary user account
  7. Click the home button
  8. Choose "Manage Roles" and create a new role called OPERATOR
  9. Return to manage users and assign the secondary user to the role OPERATOR
  10. In a different browser, visit http://127.0.0.1:8080/ and login as the secondary user
  11. Attempt to access a wiki, and observe that access is unexpectedly granted. I would have expected that a new user in a new role who has not been assigned any resources would not be granted read access to wikis/bags

cc @webplusai
@Jermolene
Copy link
Member Author

Tests were performed with the commit ddfc8c4

@pmario
Copy link
Member

pmario commented Dec 23, 2024

I think we need to discuss these behaviours in more details first, before we start to "finalize" the ACL rules.

Need to think a bit more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jermolene @pmario