E1845 Issues Related to Security: Difference between revisions
Revision as of 16:02, 31 October 2018
The scope of this project was to sort out issues related to roles and user accounts on the Expertiza system.
Testing
In order to test all functionality, a super-administrator account is needed. The following account can be used in a standard Expertiza deployment:
- Super_administrator2 : password
User Deletion
The majority of the project was related to solving issues regarding the deletion of Administrator and Instructor accounts. Administrator and Instructor both inherit behavior from User but are handled and deleted in different code paths. Furthermore, a User has properties that an Administrator does not, such as team ids or course associations.
The first step towards fixing the deletion functionality was to sort out the routing issues. No entry existed in the routing table for administrator deletion, and no controller method existed for either administrator or instructor deletion. With both of those in place, the only issue left was the deletion functionality itself.
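The sketch below is an added example, not Expertiza's code: it shows one deletion path shared by every User subclass, where each class reports its own associations so the routine never touches a property the account type lacks. The class layout, the `delete_account` helper, the rank table and the rule that the actor must outrank the target are all assumptions made for illustration.

```ruby
# Added illustration in plain Ruby (no Rails). All names here are hypothetical.
class User
  RANK = { student: 0, instructor: 1, administrator: 2, super_administrator: 3 }.freeze
  attr_reader :name, :role

  def initialize(name, role)
    @name = name
    @role = role
  end

  def rank
    RANK.fetch(role)
  end

  # Associated records to clean up on deletion; the base class assumes none.
  def dependents
    {}
  end
end

class Instructor < User
  def initialize(name, course_ids: [])
    super(name, :instructor)
    @course_ids = course_ids
  end

  def dependents
    { course_ids: @course_ids }
  end
end

class Administrator < User
  def initialize(name, role = :administrator)
    super(name, role)
  end
end

# One deletion path for every subclass. Assumption: the actor must outrank the target.
def delete_account(actor, target, store)
  return [:denied, {}] unless actor.rank > target.rank
  return [:not_found, {}] unless store.delete(target)
  # Ask the object what it owns instead of assuming User-only properties exist.
  [:deleted, target.dependents.reject { |_, ids| ids.empty? }]
end

# Constructed sample accounts.
root = Administrator.new("root", :super_administrator)
store = [Instructor.new("inst1", course_ids: [7])]
p delete_account(root, store.first, store)
```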