Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG Only allow the owner of a LoginSession to view/delete it #62

Merged
merged 11 commits into from
Apr 21, 2021
Merged

BUG Only allow the owner of a LoginSession to view/delete it #62

merged 11 commits into from
Apr 21, 2021

Conversation

maxime-rainville
Copy link

Fixes #57

@maxime-rainville maxime-rainville mentioned this pull request Apr 15, 2021
Closed
8 tasks
emteknetnz
emteknetnz requested changes Apr 15, 2021
View reviewed changes
Copy link
Member

@emteknetnz emteknetnz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good, minor changes only

src/Extension/MemberExtension.php Show resolved Hide resolved
src/Extension/MemberExtension.php Outdated Show resolved Hide resolved
src/Model/LoginSession.php Show resolved Hide resolved
src/Model/LoginSession.php Show resolved Hide resolved
src/Extension/MemberExtension.php Show resolved Hide resolved
src/Model/LoginSession.php Outdated Show resolved Hide resolved
@maxime-rainville maxime-rainville mentioned this pull request Apr 19, 2021
Open
2 tasks
emteknetnz
emteknetnz reviewed Apr 21, 2021
View reviewed changes
doc/en/permissions.md Outdated Show resolved Hide resolved
emteknetnz
emteknetnz requested changes Apr 21, 2021
View reviewed changes
Copy link
Member

@emteknetnz emteknetnz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, very minor alternation to docs (add a namespace to the sample extension)

@emteknetnz
Copy link
Member

emteknetnz commented Apr 21, 2021
edited
Loading

Found an issue during manual testing, noticed that a non-admin user isn't able to revoke their own sessions. My test user was in the group "Content authors". When that user attempted to revoke a session I see a red toast "Could not log out of session. Try again later"

@maxime-rainville
Copy link
Author

I don't think it's a CanView/CanDelete problem. Checked out the 1 branch and got the same result.

The problem is probably that non-admin users are not allowed to interact with the LoginSessionController.

@emteknetnz emteknetnz merged commit ab7e947 into silverstripe:1 Apr 21, 2021
@emteknetnz emteknetnz deleted the pulls/1/sessien-visible-only-to-owner branch April 21, 2021 22:02
@emteknetnz emteknetnz mentioned this pull request Apr 21, 2021
Closed
6 tasks
@emteknetnz
Copy link
Member

Have agreed to split of non-admin revoking as a separate issue #67

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clarkepaul clarkepaul clarkepaul left review comments

@brynwhyman brynwhyman brynwhyman left review comments

@emteknetnz emteknetnz emteknetnz requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sessions should only be visible by owning user
4 participants
@maxime-rainville @emteknetnz @clarkepaul @brynwhyman