-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Link Password based on permission #7538
Comments
@janackermann I am implementing the backend already. Needs tests. See linked ocis PR. |
@micbar thx, please let me know as soon as those open prs are merged I will continue on that |
I'd like to propose that a user with the permission can opt out in the form field instead of setting a password in the first place and then deleting it afterwards. That would still be a conscious decision.. maybe ui wise even with "danger zone" checks like github does it in repo settings. |
backend implementation is assuming that the "CREATE" always needs to enforce a password. Only the "UPDATE" can leave the password empty. IMO this is the flow which was originally designed. |
More arguments. If you implement it like this, we have no enforcement at all on the server side. |
@janackermann PR in ocis is merged. "Admin" and "SpaceAdmin" have the permission You need to set |
Updated story points to 8, because lots of issues in web.... |
Description
User Stories 🗣️
Value 💵
Empower security by default and make insecure links a conscious user decision
Userflow 💻
The User creates public link with "Viewer" permission
The user must enter a password (pw follows the policy)
Acceptance Criteria
ReadOnlyPublicLinkPassword.Delete
exists in the settings serviceAPI Request as Einstein (has no opt out permission)
Response 403 - Forbidden
Definition of ready
[ ] everybody needs to understand the value written in the user story
[ ] acceptance criteria has to be defined
[ ] all dependencies of the user story need to be identified
[ ] feature should be seen from an end user perspective
[ ] user story has to be estimated
[ ] story points need to be less then 20
Definition of done
[ ] functionality described in the user story works
[ ] acceptance criteria are fulfilled
[ ] code review happened
[ ] CI is green
[ ] critical code received unit tests by the developer
[ ] automated tests passed (if automated tests are not available, this test needs to be created and passed
[ ] no sonar cloud issues
The text was updated successfully, but these errors were encountered: