Can view the proxy/sponsor accordion without the permission Users: can view proxies assigned to users.
Description
CSP Request Details
None
CSP Rejection Details
None
Potential Workaround
None
Checklist
hideTestRail: Results
Activity
Show:
Brooks TravisJanuary 12, 2022 at 2:37 PM
I don't know that I ever really paid that much attention to whether the proxies accordion appeared on a user record, but it makes sense, to me, that they would be visible, since the permission to "view" proxies is required to perform check out. I guess we could ask them to put an explicit check for the "Users: can view proxy relationships" permission in the UI for the accordion (I believe it currently checks for the sub-permission "proxiesfor.collection.get", which is a sub-permission of "Check out: All permissions", on top of the "Users: Can view user profile" permission). If a user only has permissions to view the user profile, but not check out items, then they shouldn't see the proxies.
Won't Do
Details
Assignee
UnassignedUnassignedReporter
patty.wanningerpatty.wanningerLabels
Priority
P4Development Team
ProkopovychTestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Assignee
Unassigned
UnassignedReporter
patty.wanningerLabels
Priority
P4Development Team
Prokopovych
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created July 24, 2021 at 8:19 PM
Updated March 16, 2023 at 11:52 PM
Resolved March 16, 2023 at 11:52 PM
The Proxy/sponsor accordion is showing even if the user does not have the specific "Users: can view proxy relationships."
A user with the following permissions can see the proxy/sponsor accordion. It can be opened but not edited by the user.
Check in: All permissions
Check out: All permissions
Check out: Check out circulating items
Check out: View fees/fines
Check out: View loans
Check out: View request
It looks to me like these checkout permissions include the views that were previously separately permissioned.