human-essentials icon indicating copy to clipboard operation
human-essentials copied to clipboard
verified publisher icon rubyforgood

Restrict partner-user-management to bank org admins

Open awwaiid opened this issue 1 year ago • 1 comments

Summary

We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.

Things to consider

No response

Criteria for Completion

  • [ ] When logged in as a bank non-admin user, you should get a permission denied error when navigating to /partners/ID/users

awwaiid avatar Jun 19 '24 14:06 awwaiid

Status: There is an open PR that needs some work on fixing tests to push it over the line.

cielf avatar Aug 25 '24 08:08 cielf

I'll try to wrap this up.

coalest avatar Jan 08 '25 13:01 coalest