human-essentials icon indicating copy to clipboard operation
human-essentials copied to clipboard

Published 20 hours ago verified publisher icon rubyforgood

Restrict partner-user-management to bank org admins

Open awwaiid opened this issue 8 months ago • 1 comments

Summary

We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.

Things to consider

No response

Criteria for Completion

  • [ ] When logged in as a bank non-admin user, you should get a permission denied error when navigating to /partners/ID/users

awwaiid avatar Jun 19 '24 14:06 awwaiid