
Added login and permission check to mailbox page

Dominik Hayon requested to merge 771-add-login-check-to-mailbox-manager into master

Closes #771 (closed) and #769 (closed)

What does this MR do?

Added a check to the mailbox page which will redirect users if they are not logged in or do not have sufficient permissions. Shows an error if users who are not BIEB try to access the mailbox.

How confident are you it won't break things if deployed?

Would appreciate some thorough testing to make sure everyone who's supposed to access the mailbox can do so.

Links to related issues

none

How to test

Announcement in #foodsharing-beta:

We have adjusted a few details of the permission check in the mailboxes; please be so kind as to test this. Can you open the mailboxes as usual and see the content you expect? Orgas: can you open https://beta.foodsharing.de/?page=mailbox&a=manage? Feel free to also test if you are neither Bieb, Bot nor Orga: when you open https://beta.foodsharing.de/?page=mailbox, does a sensible error message appear?

MR: !1260 (merged)

  1. Visit ?page=mailbox while logged out

  2. Expected: Redirect to login form

  3. Visit ?page=mailbox&a=manage while logged out

  4. Expected: Redirect to login form

  5. Visit ?page=mailbox&a=manage with insufficient permissions

  6. Expected: Redirect to dashboard with error message

  7. Visit ?page=mailbox&a=manage being Orga

  8. Be able to manage mailbox

  9. Visit ?page=mailbox being Bieb

  10. Be able to see mailbox

Screenshots (if applicable)

Bildschirmfoto_2020-01-02_um_22.30.00

Checklist

  • added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at https://slackin.yunity.org
  • added an entry to CHANGELOG.md (description, merge request link, username(s))
  • Once your MR has been merged, you are responsible to update the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings
Edited by Chris Oelmueller
