flagsmith icon indicating copy to clipboard operation
flagsmith copied to clipboard
verified publisher icon Flagsmith

The tag-based permission only validate some views

Open novakzaballa opened this issue 1 year ago • 2 comments

How are you running Flagsmith

  • [ ] Self Hosted with Docker
  • [ ] Self Hosted with Kubernetes
  • [X] SaaS at flagsmith.com
  • [X] Some other way (add details in description below)

Describe the bug

The tag-based permission with UPDATE_FEATURE_STATE only validates FeatureStatePermissions and not EnvironmentFeatureStatePermissions. This last one is used when updating a feature state value from the feature modal.

Steps To Reproduce

  1. Create a role with View Project, View environment, and update feature state, add a tag, and assign it to test user
  2. Log in with the test user
  3. Go to the project -> environment that you have permission to access.
  4. Select a feature and update the feature state
  5. The feature state was updated successfully (This is an error)

Expected behavior

If the feature does not have the same tag, the feature state value should not be updated.

Screenshots

No response

CC: @matthewelwell @gagantrivedi @kyle-ssg

novakzaballa avatar Jul 05 '24 21:07 novakzaballa

@gagantrivedi can you confirm if this is expected behaviour or not?

matthewelwell avatar Jul 08 '24 15:07 matthewelwell

@gagantrivedi can you confirm if this is expected behaviour or not?

Looks like a legit issue to me

gagantrivedi avatar Jul 09 '24 02:07 gagantrivedi

Fixed in https://github.com/Flagsmith/flagsmith/pull/4523

gagantrivedi avatar Oct 21 '24 09:10 gagantrivedi