When both Allow and Deny cropping leases are applied, Deny should win… #3860
Comments
4 tasks
|
would you ever want to filter which group of users the allow or deny applies to? for example do you ever want to allow Observer user to crop, but not the Guardian user? the division in BBC is between News teams and the Program production teams , News users are licenced to Crop agency images, and Program user not unless they pay. |
|
Yes, we were thinking about this as this sound helpful. But that’s about it – just thinking. I guess we could think about it as part of multi-tenancy discussions… |
paperboyo
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Short description
…instead Allow wins, which is not safe.
Steps to reproduce
Ask someone to apply two active cropping leases: Allow and Deny. Try cropping image yourslef while not having edit_metadata permission. Cropping should be disabled.
Actual results
Cropping is allowed.
Expected results
Cropping should be denied.
OS and browser details
All.
The text was updated successfully, but these errors were encountered: