Hide all buttons if actions are restricted by Objects ACLs

Description

We should hide all buttons, if a usergroup has not sufficient rights (defined by new Object ACLs) to execute the actions.

Activity

Show:
Michael Batz
November 25, 2020, 2:11 PM

Tested successfully, can be reviewed

Michael Batz
November 24, 2020, 3:33 PM

Tested again. Looks good to me, only the table view on dashboard needs to be updated.

Did the following tests:

test case 1:

  • group "Read Only" has system rights object.*

  • ACLs activated for one type ("ddd")

  • group "Read Only" not defined in ACLs for type "ddd"

problems in test case 1:

  • tables on dashboard: view / copy / preview / edit / delete buttons were shown

test case 2:

  • group "Read Only" has system rights object.*

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": READ

=> works perfect

test case 3:

  • group "Read Only" has system rights object.*

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ

=> works perfect

test case 4:

  • group "Read Only" has system rights object.*

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ UPDATE

=> works perfect

test case 5:

  • group "Read Only" has system rights object.*

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ UPDATE DELETE

=> works perfect

Michael Batz
November 24, 2020, 10:26 AM

I’ll need to recheck that behavior

Dorus Blanken
November 24, 2020, 9:51 AM
Edited

Does the Read Only group have System rights? If the System rights aren’t give the ACL is ignored and the buttons are not shown.

Michael Batz
November 24, 2020, 9:31 AM
Edited

test case 1:

  • group "Read Only" has system rights object.view

  • ACLs activated for one type ("ddd")

  • group "Read Only" not defined in ACLs for type "ddd"

problems in test case 1:

  • tables on dashboard: view / copy / preview buttons were shown

 

test case 2:

  • group "Read Only" has system rights object.view

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": READ

works perfect

 

test case 3:

  • group "Read Only" has system rights object.view

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ

problems in test case 3:

  • object tables: add button is missing

  • object tables: copy button displayed but does not work (other issue?)

 

test case 4:

  • group "Read Only" has system rights object.view

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ UPDATE

problems in test case 4:

  • object tables: add button is missing

  • object tables: copy button displayed but does not work (other issue?)

  • object tables: edit action button is missing

  • object tables: bulk change button is missing

  • object view page: edit action button is missing

 

test case 5:

  • group "Read Only" has system rights object.view

  • ACLs activated for one type ("ddd")

  • ACL for group "Read Only" in type "ddd": CREATE READ UPDATE DELETE

problems in test case 5:

  • object tables: add button is missing

  • object tables: copy button displayed but does not work (other issue?)

  • object tables: edit action button is missing

  • object tables: bulk change button is missing

  • object tables: bulk delete button is missing

  • object tables: delete action button is missing

  • object view page: edit action button is missing

  • object view page: delete action button is missing

Done

Assignee

Dorus Blanken

Reporter

Michael Batz

Labels

None

Story Points

3

Tester

None

Sprint

None

Fix versions

Priority

Medium