summaryrefslogtreecommitdiff
path: root/issues/gn-auth/problems-with-roles.gmi
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-06-06 15:59:01 -0500
committerFrederick Muriuki Muriithi2024-06-06 15:59:01 -0500
commit7ba5a0485e276530d36901f7d7bbdd0fbff82479 (patch)
tree9aef839948a5d30e61f59255bf8f5ac9b4d232bc /issues/gn-auth/problems-with-roles.gmi
parent24f924eb936ce38f6193377fdd8b0db16b2540de (diff)
downloadgn-gemtext-7ba5a0485e276530d36901f7d7bbdd0fbff82479.tar.gz
Update issue with completed tasks
Diffstat (limited to 'issues/gn-auth/problems-with-roles.gmi')
-rw-r--r--issues/gn-auth/problems-with-roles.gmi11
1 files changed, 7 insertions, 4 deletions
diff --git a/issues/gn-auth/problems-with-roles.gmi b/issues/gn-auth/problems-with-roles.gmi
index 6c124e4..46f3c52 100644
--- a/issues/gn-auth/problems-with-roles.gmi
+++ b/issues/gn-auth/problems-with-roles.gmi
@@ -25,10 +25,10 @@ The implementation should instead, tie the roles to the specific resource, rathe
* [x] Remove the `….create_action` function: raise exception when used
* [x] Remove the "Roles" page on the UI
-* [ ] migration: Remove `group:role:[create|delete|edit]-role` privileges from `group-leader` role
-* [ ] migration: Add `resource:role:[create|delete|edit]-role` privileges to `resource-owner` role
-* [ ] migration: Create new `resource_roles` db table linking each resource to roles that can act on it, and the user that created the role
-* [ ] migration: Drop table `group_roles` deleting all data: data here could already have privilege escalation in place
+* [x] migration: Remove `group:role:[create|delete|edit]-role` privileges from `group-leader` role
+* [x] migration: Add `resource:role:[create|delete|edit]-role` privileges to `resource-owner` role
+* [x] migration: Create new `resource_roles` db table linking each resource to roles that can act on it, and the user that created the role
+* [x] migration: Drop table `group_roles` deleting all data in the table: data here could already have privilege escalation in place
* [ ] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles
* [ ] Ensure user can only assign roles they have created - maybe?
@@ -36,3 +36,6 @@ The implementation should instead, tie the roles to the specific resource, rathe
=> https://github.com/genenetwork/genenetwork2/commit/7d0c5cf8d2ab49f6a98c0a15189da5b7fa1695fd
=> https://github.com/genenetwork/genenetwork2/commit/c1af1940cca1ae54d424632e8c5f06b55cae071a
+=> https://git.genenetwork.org/gn-auth/commit/?h=handle-role-privilege-escalation&id=5d34332f356164ce539044f538ed74b983fcc706
+=> https://git.genenetwork.org/gn-auth/commit/?h=handle-role-privilege-escalation&id=f691603a8e7a1700783b2be6f855f30d30f645f1
+=> https://git.genenetwork.org/gn-auth/commit/?h=handle-role-privilege-escalation&id=2363842cc81132a2592d5cda98e6ebf1305e8482