Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5408

Add authorization checks when trying to edit a request

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.6.0
    • Fix Version/s: EJBCA 6.6.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Another issue

      Description

      We need an access check when trying to edit a request in the RA. Currently, any user who is able to see the manage request page of a request, is able the edit the request also.

      I guess that the requestor should always be able to edit. For other admins, I think it's enough to require permission to approve, to be able to edit.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Tomas Gustavsson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: