Project

General

Profile

Actions
Copy link

Bug #2931

closed

Non-privileged user can't delete authorization tokens.

Added by Peter Amstutz over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
-
Target version:
2014-06-17 Curating and Crunch
Story points:
1.0

Description

Under the following conditions
  • A link exists in the database with head_uuid=null and link_class='permission', owned by (say) admin
  • Non-admin user creates an ApiClientAuthorization (e.g., with the "share" button on the Workbench "show collection" page)
  • Non-admin user deletes the ApiClientAuthorization (e.g., "unshare")

Result: Permission denied. "dependent: destroy" hook tries to delete all links with head_uuid=null.

Actions
Copy link
 #1

Updated by Tom Clegg over 10 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Tom Clegg over 10 years ago

  • Subject changed from Workbench can't delete authorization tokens used by "share" button. to Non-privileged user can't delete authorization tokens.
  • Assigned To set to Tom Clegg
Actions
Copy link
 #3

Updated by Tom Clegg over 10 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Anonymous over 10 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset arvados|commit:c7ee5e02cae78d3edff6ed393d776c4995441896.

Actions
Copy link
 #5

Updated by Ward Vandewege over 10 years ago

  • Story points set to 1.0
Actions
Copy link

Also available in: Atom PDF