Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent named places being accessible by persons without permission for forms with MHL.restrictAccessStrict #48

Open
olzraiti opened this issue Nov 21, 2024 · 2 comments
Open

Prevent named places being accessible by persons without permission for forms with MHL.restrictAccessStrict #48

olzraiti opened this issue Nov 21, 2024 · 2 comments
Assignees
@olzraiti
Milestone
API /v1

Comments

@olzraiti
Copy link
Member

No description provided.

@olzraiti olzraiti self-assigned this Nov 21, 2024
@olzraiti olzraiti added this to the API /v1 milestone Nov 21, 2024
@olzraiti olzraiti changed the title Named places should not be accessible for forms with MHL.restrictAccessStrict Named places should not be accessible for persons without form permission for forms with MHL.restrictAccessStrict Nov 21, 2024
@olzraiti
Copy link
Member Author

Actually the current implementation is that if the named places query has a collectionID, then it will fetch only places with public: true. All our named places with collectionID are public.

So, we shouldn't implement this form permissions checking if all the places are anyway public.

Closed as wontfix.

FYI @esko-piirainen as we planned on this face to face.

@olzraiti
Copy link
Member Author

Or we could drop the public property and do access control based on collectionID & form permissions... That could simplify things as now there's two ways of access control.

I already implemented the form permissions based access control, stashed to branch named-places-query-check-for-form-permissions-48

@olzraiti olzraiti reopened this Nov 21, 2024
@wkmor1 wkmor1 changed the title Named places should not be accessible for persons without form permission for forms with MHL.restrictAccessStrict Prevent named places being accessible by persons without permission for forms with MHL.restrictAccessStrict Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@olzraiti olzraiti

Labels
None yet
Projects
None yet
Milestone
API /v1
Development

No branches or pull requests
1 participant
@olzraiti