Fix bug where full access gives minimal access (!768) · Merge requests · Crafty Controller / Crafty 4

What does this MR do and why?

Give full API permission mask to anyone who selects "full access"
This will still compare with their role permission mask and take the lowest possible permission mask from the comparison.

How to set up and validate locally

Create a user and assign them an API key with full access only.
Give the user access to something, schedules, logs, etc with a role or SU.
Run a GET request on postman.

You will get not authorized before when not using this branch with the fix.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Have you checked this doesn't interfere/conflict/duplicate someone elses work?
Have you fully tested your changes?
Have you resolved any lint issues?
Have you assigned a reviewer?
Have you applied correct labels?

Edited Jun 02, 2024 by Andrew

Fix bug where full access gives minimal access

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports