Skip to content

Enforce record owner access for Update/Purge records

Johnny Guo requested to merge johnny-enforce-record-owner-access into master

Issue 17

  • What is the change? This change is to make sure that if a user wants to purge/update a record, the user must have access to record ACL groups, which means be a member of any ACL owner group of the record.

  • What does it impact? If a user does not belong to any ACL group of the record, he/she cannot update/purge it after the PR is merged.

  • How do I reproduce or test the change? Here I add and update unit tests and integration tests, you can also manually test the deployment.

  • Other? I saw some files were using tab indent, so I have changed use 4spaces indent in this PR, so there are files with whole file changes, so please ignore space changes when reviewing PR.

Please uncheck "show space change" while reviewing code changes, instructions as the following picture: image

Edited by Chad Leong

Merge request reports