AO3-6760 Check admin roles in UnsortedTagsController #4903
base: master
Just one thing!
@@ -5,13 +5,17 @@ class UnsortedTagsController < ApplicationController | |||
before_action :check_permission_to_wrangle | |||
|
|||
def index | |||
authorize :wrangling if logged_in_as_admin? |
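Review bot: On the `authorize :wrangling if logged_in_as_admin?` line in `index`, no query is passed, so the permission checked is resolved from the action name, and the check is skipped entirely for non-admin sessions. Consider naming the permission explicitly in the call and adding a short comment that non-admin requests are still gated by `before_action :check_permission_to_wrangle`, so both paths are obvious to the next reader and covered by a spec each.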
I think it would be good to use `view_access?` directly here instead of going via the action because `index` is one of the actions where the various wrangling related controllers have different access levels. That way the `index?` alias can be removed and we won't have someone accidentally converting e.g. TagWranglersController to using the `index?` permission and giving more roles access than intended.
Thanks!
Pull Request Checklist
Issue
https://otwarchive.atlassian.net/browse/AO3-6760
Purpose
Restricts access to the Unsorted Tags bin to `superadmin`, `policy_and_abuse`, and `tag_wrangling` admins. For the PAC admins, view-only access is allowed; the other two roles have full (view/edit) access.
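The role split described above and the alias risk raised in the review, as an added example in plain Ruby that is not the project's code. The role names come from the PR description; `WranglingPolicySketch`, `permitted?`, `report` and the "stricter controller" are hypothetical, and the sample admins are constructed.

```ruby
# Added illustration in plain Ruby (no Rails or Pundit needed).
# Role names are from the PR description; all other names are hypothetical.
Admin = Struct.new(:roles)

class WranglingPolicySketch
  FULL_ACCESS_ROLES = %w[superadmin tag_wrangling].freeze
  VIEW_ACCESS_ROLES = (FULL_ACCESS_ROLES + %w[policy_and_abuse]).freeze

  def initialize(admin)
    @admin = admin
  end

  def full_access?
    (@admin.roles & FULL_ACCESS_ROLES).any?
  end

  def view_access?
    (@admin.roles & VIEW_ACCESS_ROLES).any?
  end

  # The kind of alias the review asks to remove: any controller that
  # authorizes `index` by action name inherits the view-only role list.
  alias index? view_access?
end

# Stand-in for an authorize call: with no explicit query, the permission
# is derived from the action name.
def permitted?(admin, action:, query: nil)
  WranglingPolicySketch.new(admin).public_send(query || "#{action}?")
end

# Constructed sample admins.
PAC = Admin.new(%w[policy_and_abuse])
WRANGLING = Admin.new(%w[tag_wrangling])
OTHER = Admin.new(%w[some_other_role])

# Compares the Unsorted Tags index (explicit view check) with a hypothetical
# stricter controller whose index is meant to require full access.
def report(admin)
  {
    unsorted_index_explicit: permitted?(admin, action: :index, query: :view_access?),
    stricter_index_implicit: permitted?(admin, action: :index),
    stricter_index_explicit: permitted?(admin, action: :index, query: :full_access?)
  }
end

[PAC, WRANGLING, OTHER].each { |a| puts "#{a.roles.join(',')}: #{report(a)}" }
```

For the `policy_and_abuse` admin, the implicit `index?` lookup on the stricter controller returns true while the explicit `full_access?` check returns false, which is the accidental widening the review comment describes.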