Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX #10789 Add a warning if we add a contact that has a user #30301

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

FIX #10789 Add a warning if we add a contact that has a user #30301

wants to merge 4 commits into from

Conversation

FlorentPoinsaut
Copy link
Contributor

@FlorentPoinsaut FlorentPoinsaut commented Jul 5, 2024
edited
Loading

FIX #10789 Add a warning if we add a contact that has a user

@eldy
Copy link
Member

eldy commented Jul 6, 2024
edited
Loading

Can you check the user of the external user is correctly assigned to the project ? If not, this is the trouble.

Current rule to manage permission on project is:
Your user is assigned to the project, you can see the project.
Your user is not, you can't (except if you have the permission see all project even if not assigned).

So permission is managed by the user and only the users. Trying to introduce permissions based on other element than users is dangerous. it may generates a lose of control of the security. All the security layer must be based on the user and only the user.
So current behaviour is the expected feature.

it is clearthat being able to assign a contact to a project may let think we grant permission. But permission system is not handled by contacts, but by users and only users. So i recommend instead of this PR, to add a picto "warning, you must assign the user to allow access..." on the page to assign contact when we assign a contact (that is just an information) of an external user instead of assigning the user (that give the permission).

@eldy eldy added the Discussion Some questions or discussions are opened and wait answers of author or other people to be processed label Jul 6, 2024
@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from 057c273 to efd2635 Compare July 11, 2024 16:49
@FlorentPoinsaut FlorentPoinsaut changed the title FIX #10789 External users cannot see projects FIX #10789 Add a warning if we add a contact that has a user Jul 11, 2024
@FlorentPoinsaut
Copy link
Contributor Author

FlorentPoinsaut commented Jul 11, 2024
edited
Loading

OK @eldy I add a warning message :)

@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from 9174181 to 23fc9d9 Compare July 11, 2024 19:45
@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from c825d76 to 38b2da8 Compare July 12, 2024 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Discussion Some questions or discussions are opened and wait answers of author or other people to be processed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

External users cannot see projects
2 participants
@FlorentPoinsaut @eldy