[dicom archive] add project permission check based on tarchiveID #9359
Conversation
| $tarchiveID = intval($_REQUEST['tarchiveID']); | ||
| $projectID = self::getProjectFromTarchiveID($tarchiveID); | ||
| if (is_null($projectID)) { | ||
| return false; |
There was a problem hiding this comment.
Should this be return true? Otherwise no one will ever be able to see it?
(Maybe a discussion for an imaging meeting?)
There was a problem hiding this comment.
That means the TarchiveID does not exist in db or is not linked to a project.. ?
I was not sure about this. It is even possible?
There was a problem hiding this comment.
Point added to next imaging meeting.
There was a problem hiding this comment.
I'm assuming it would mean the TarchiveID is not linked to a project
There was a problem hiding this comment.
Imaging meeting: no one should see it by default.
There should be a specific permission to see the list of "dangling TarchiveIDs" (Tarchive not assigned to any Project). Also might be good to have a front-end page for that.
It will be linked to a new issue.
christinerogers
left a comment
There was a problem hiding this comment.
This looks to me like it will do the job, provided Dave's change is merged.
Co-authored-by: Dave MacFarlane <[email protected]>
|
@christinerogers I'm interested in understanding why you would approve this PR 5 minutes after we discussed at the loris meeting that this might create conflicts between the view detail page and the main menu filter of the module and then clearly establishing that it will be brought up with @regisoc upon his return |
Brief summary of changes
This PR checks the user attached projects on top of the
dicom_archive_view_allsitespermission when trying to access theview detailspage.Link(s) to related issue(s)
Resolves #6658