[192988] Fix permissions #3722
[192988] Fix permissions #3722
Conversation
patryk-dabrowski
force-pushed
the
fix/192988
branch
from
5bdb1f8 to
5c48dcf
Compare
| ) | ||
| else: | ||
| return has_program_access and (has_user_roles or has_partner_roles) | ||
| return has_user_roles |
There was a problem hiding this comment.
if self.partner.is_unicef:
has_program_access = True
has_partner_roles = permission in DEFAULT_PERMISSIONS_LIST_FOR_IS_UNICEF_PARTNER
else:
has_program_access = str(program_id) in self.get_partner_programs_areas_dict(business_area_id=business_area.pk)
has_partner_roles = self.cached_has_partner_roles_for_business_area_and_permission(
business_area=business_area,
permission=permission,
)
?
Permission can still originate from partner UNICEF
There was a problem hiding this comment.
UNICEF partner still has access to all programs, but user permissions determine to which business area and which features, in previous implementations in some cases, UNICEF partner had access to all business areas
There was a problem hiding this comment.
But is it supposed to no longer grant any permissions now? Because right now users under UNICEF partner will not inherit any permissions.
Shouldn't UNICEF partner grant the permissions from the default list for the BAs that user has access to? So if user has access to Afg, but with role that grants only some 1 basic permission, he should have all permissions from UNICEF partner inside this BA, I think.
AB#192988