Skip to content

Enforce that user must have ACL groups access of the Record for purge, create and update operations.

Johnny Guo requested to merge enforce-record-owner-access into master

• What is the change? This change is to make sure that if a user wants to purge/update/create a record, the user must have access to record ACL groups, which means be a member of any ACL group of the record.

• What does it impact? If a user does not belong to any ACL group of the record, he/she cannot update/create/purge it after the PR is merged.

• How do I reproduce or test the change? Here I add and update unit tests and integration tests, you can also manually test the deployment.

Merge request reports