Skip to content

FIX #10789 Add a warning if we add a contact that has a user#30301

Merged
eldy merged 6 commits intoDolibarr:developfrom
solution-libre:fix-external-users-cannot-see-projects
Mar 25, 2025
Merged

FIX #10789 Add a warning if we add a contact that has a user#30301
eldy merged 6 commits intoDolibarr:developfrom
solution-libre:fix-external-users-cannot-see-projects

Conversation

@FlorentPoinsaut
Copy link
Copy Markdown
Contributor

@FlorentPoinsaut FlorentPoinsaut commented Jul 5, 2024
edited
Loading

FIX #10789 Add a warning if we add a contact that has a user

@eldy
Copy link
Copy Markdown
Member

eldy commented Jul 6, 2024
edited
Loading

Can you check the user of the external user is correctly assigned to the project ? If not, this is the trouble.

Current rule to manage permission on project is:
Your user is assigned to the project, you can see the project.
Your user is not, you can't (except if you have the permission see all project even if not assigned).

So permission is managed by the user and only the users. Trying to introduce permissions based on other element than users is dangerous. it may generates a lose of control of the security. All the security layer must be based on the user and only the user.
So current behaviour is the expected feature.

it is clearthat being able to assign a contact to a project may let think we grant permission. But permission system is not handled by contacts, but by users and only users. So i recommend instead of this PR, to add a picto "warning, you must assign the user to allow access..." on the page to assign contact when we assign a contact (that is just an information) of an external user instead of assigning the user (that give the permission).

@eldy eldy added the Discussion Some questions or discussions are opened and wait answers of author or other people to be processed label Jul 6, 2024
@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from 057c273 to efd2635 Compare July 11, 2024 16:49
@FlorentPoinsaut FlorentPoinsaut changed the title FIX #10789 External users cannot see projects FIX #10789 Add a warning if we add a contact that has a user Jul 11, 2024
@FlorentPoinsaut
Copy link
Copy Markdown
Contributor Author

FlorentPoinsaut commented Jul 11, 2024
edited
Loading

OK @eldy I add a warning message :)

@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from 9174181 to 23fc9d9 Compare July 11, 2024 19:45
@FlorentPoinsaut FlorentPoinsaut force-pushed the fix-external-users-cannot-see-projects branch from c825d76 to 38b2da8 Compare July 12, 2024 19:56
@eldy eldy added PR not sync and branch locked PR not sync with branch. Can't sync because branch seems forbidden to external contributions and removed Discussion Some questions or discussions are opened and wait answers of author or other people to be processed labels Jul 23, 2024
@eldy
Copy link
Copy Markdown
Member

eldy commented Aug 15, 2024

@FlorentPoinsaut
Branch needs to be updated (merge) with last develop to fix CTI errors. But i have no permission on your branches to do it (i can do it on other PR, don't know hy i can't with yours). Can you do it ?

@FlorentPoinsaut
Copy link
Copy Markdown
Contributor Author

FlorentPoinsaut commented Aug 26, 2024

It's done @eldy

@eldy eldy closed this in 2d60d8f Mar 25, 2025
@eldy eldy merged commit f8b179c into Dolibarr:develop Mar 25, 2025
@github-project-automation github-project-automation Bot moved this from 👀 In review to ✅ Done in @FlorentPoinsaut's backlog Mar 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

PR not sync and branch locked PR not sync with branch. Can't sync because branch seems forbidden to external contributions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

External users cannot see projects

2 participants

@FlorentPoinsaut @eldy