
BUG: Space Admin has admin privilege on Platform level

Open Comoque1 opened this issue 9 months ago • 1 comments

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Go to https://acc-alkem.io/graphql
  2. Make sure you are authenticated with Space admin and not GA or GSA
  3. Run the following query
query {
  platform {
    authorization {
      myPrivileges
    }
  }
}

  4. User gets "admin" privilege on platform level

Expected behavior Space admin doesn't have "admin" privilege on platform level.

Additional context The server doesn't allow the user to reset policies of other spaces, change space / account platform settings or create innovations packs.

Comoque1, May 10 '24 07:05

@Comoque1 good catch - this is, I think, a legacy assignment that was done to allow the space admin to access the admin section of the site. It can likely go, once the PR related to the path changes is done: https://github.com/alkem-io/client-web/pull/6159

@me-andre how is it working with settings on a user / org? I can imagine there is the same issue re paths there...

techsmyth, May 10 '24 11:05

Verified locally, no longer the case. With a user that is SPACE_ADMIN on one space only, and no PLATFORM roles, I have:

query {
  platform {
    authorization {
      myPrivileges
    }
  }
}

{
  "data": {
    "platform": {
      "authorization": {
        "myPrivileges": [
          "READ_USERS",
          "CREATE_ORGANIZATION",
          "ACCESS_INTERACTIVE_GUIDANCE"
        ]
      }
    }
  }
}

valentinyanakiev, Aug 09 '24 09:08