Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with upload profile picture #1336

Open
Tracked by #1465
mahalakshme opened this issue Sep 13, 2024 · 4 comments
Open
Tracked by #1465

Issue with upload profile picture #1336

mahalakshme opened this issue Sep 13, 2024 · 4 comments
Assignees
@1t5j0y

Comments

@mahalakshme
Copy link
Contributor

mahalakshme commented Sep 13, 2024
edited
Loading

https://avni.freshdesk.com/a/tickets/3776

AC:

  • Uploading icons for report cards, subject type, individual profile picture should be possible if the user has corresponding privilege for the entity. ie. 'Edit offline dashboard and report card', 'Edit subject type' and 'Register subject' resp., The same for uploading image when creating a news broadcast
  • it should not require 'Edit Organisation Configuration' privilege.

Technical:

It is happening because we have one save upload image endpoint which is used from different places and it should require appropriate privilege.
@mahalakshme mahalakshme mentioned this issue Sep 16, 2024
Open
@mahalakshme
Copy link
Contributor Author

@petmongrels the second issue( 2. the other issue i noticed was that, in dea after uploading if I go back in the wizard then the image is not shown. ) u had mentioned in the ticket seems to be for the same reason:- it is happening bcoz image upload didnt happen.

or am I missing something?

@petmongrels
Copy link
Contributor

petmongrels commented Sep 17, 2024 via email

@1t5j0y 1t5j0y self-assigned this Sep 17, 2024
1t5j0y added a commit to avniproject/avni-server that referenced this issue Sep 18, 2024
@1t5j0y
avniproject/avni-webapp#1336 | Enforce media sub folder specific priv…
dcd6368 
…ileges

- Fixed access to news write APIs to check EditNews privilege
1t5j0y added a commit that referenced this issue Sep 18, 2024
@1t5j0y
#1336 | Handle errors and don't continue with save while uploading pr…
6729931 
…ofile pic for subject

- Minor refactoring for variables named 'bucket' which were actually referring to folders in line with changes made on server
@1t5j0y
Copy link
Contributor

1t5j0y commented Sep 19, 2024

Additional commit: avniproject/avni-server@b9a82de

@1t5j0y
Copy link
Contributor

1t5j0y commented Sep 19, 2024
edited
Loading

Changes:

  • Refactoring to change incorrectly named API params and variables which referred to 'bucket' when the intent was 'folder'.
  • Writes to news entities fixed to require EditNews privilege and not EditOrganisationConfiguration
  • Enforced RegisterSubject or EditSubject access check on Subject save from DEA
  • Enforced media sub folder level access for uploads via POST /media/saveImage?folderName=
    -- no folderName specified - error condition
    -- folderName is 'icons' - EditSubjectType or EditOfflineDashboardAndReportCard
    -- folderName is 'news' - EditNews
    -- folderName is 'profile-pics' - RegisterSubject or EditSubject (any subject type)
  • Fixed transactional entity specific access check to only consider non voided group_privileges

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@1t5j0y 1t5j0y

Labels
None yet
Projects
Avni Product
Status: QA Ready
Milestone
No milestone
Development

No branches or pull requests
3 participants
@petmongrels @mahalakshme @1t5j0y