Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed #9798: Scope departments for FullMultipleCompanySupport #9799

Merged
merged 2 commits into from
Oct 29, 2021
Merged

Fixed #9798: Scope departments for FullMultipleCompanySupport #9799

merged 2 commits into from
Oct 29, 2021

Conversation

Toreg87
Copy link
Contributor

@Toreg87 Toreg87 commented Jul 7, 2021

Description

If a user tries to view or edit a department from a different company with FullMultipleCompanySupport enabled, there is a 403 error displayed. Apply the correct company scope in order to only display the departments from the own company in the departments view.

Fixes #9798

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • A standard user can only view departments of his own company in /departments
  • Super users can view every department in /departments

Steps to reproduce the issue in the demo are in issue #9798.

Test Configuration:

  • PHP version: 7.3
  • MySQL version: mariadb 10.3
  • Webserver version: apache 2.4.38
  • OS version: debian 10

Checklist:

This is my first pull request for this project and the first github pull request in general, so please advise me if there is something wrong.

@Toreg87
Fix scope of departments for FullMultipleCompanySupport
9e1d7ff 
If a user tries to view or edit a department from a different company
with FullMultipleCompanySupport enabled, there is a 403 error displayed.
Apply the correct company scope in order to only display the departments
from the own company in the departments view.

Signed-off-by: Tobias Regnery <[email protected]>
@Toreg87 Toreg87 requested a review from snipe as a code owner July 7, 2021 08:13
@welcome
Copy link

welcome bot commented Jul 7, 2021

💖 Thanks for this pull request! 💖

We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already.

Examples of commit messages with semantic prefixes:

  • Fixed #<issue number>: don't overwrite prevent_default if default wasn't prevented
  • Added #<issue number>: add checkout functionality to assets
  • Improved Asset Checkout: use new notification method for checkout

Things that will help get your PR across the finish line:

  • Document any user-facing changes you've made.
  • Include tests when adding/changing behavior.
  • Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

@snipe snipe merged commit e932cdf into snipe:develop Oct 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snipe snipe Awaiting requested review from snipe snipe is a code owner

Assignees
No one assigned
Labels
backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Toreg87 @snipe