Just upgraded a customer to 0.55 and it looks like the enforcement of security has changed.
They have an action button with the action stored in a model. The users don't have access to the model.
In 0.54, this worked. In 0.55, I've had to grant view rights to the model.
This is a nuisance as I was hiding the models to avoid confusion.
Is this an intentional change that I need to learn to live with or was the old functionality correct?
let me try to understand:
- create a model
- create an action based on that model (e.g. insert)
- hide the model (put it on a collection that only admins can use)
- create a normal user and try to use the action
is that correct?
Looks like it's not a change after all. I'm seeing the same in 53 (and presumably 54).
If a question is based on a Model, the user doesn't need rights to view the collection containing the model.
However, for a user to view a dashboard containing an Action, they do need rights to the model containing the Action (ie need rights to the collection holding the model).
Bit of an oddity, but something I can work with (I've managed this far!!).