admin/raven-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deactivate users cancel auth token, also docs

Browse Source
This commit is contained in:
John Cardinal
2021-11-10 21:31:37 +00:00
parent 0502159435
commit ddfaf6110f
1 changed files with 3 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ayanova/devdocs/todo.txt
View File

@@ -214,27 +214,9 @@ function ayGroupByTag(reportDataArray, tagContains) {
- 1 todo: firefox schedule fix: https://github.com/vuetifyjs/vuetify/issues/14243#issuecomment-944907925
-1 todo: (SERVER / CLIENT) server metrics database tables "xx others" always shows at top, sb either at very bottom or removed entirely? It's confusing
actually, why is it showing so much data, shouldn't they be in the list if there is that much data in some of those tables?
or should literally all tables show maybe, that might be more useful, no cut-off?
- 1 double check roles at client, the way authorizationroles.hasrole is coded makes me think it might be wrong
it only checks that the value is nonzero but in postgres I noticed it needs to compare if the resulting value equals the exact role being checked
i.e. it's not enough to go userroles & desiredrole>0 but rather userroles&desiredrole==desiredrole
confirm the filter in datatable matches what is really happening on login and access etc
-1 Schedule settings always on first setting shows nothing set for the color source even though it's defaulted to a known value?!
-1 Schedule, what is the maximum number of techs can show in team view, can show more with scroll?
-3 Schedule, what is the maximum number of techs can show in team view, can show more with scroll?
seeder should prevent going over this max (tags/prefilter/gen less)
-1 logged in as tech user tried to change status got not authorized when it was closed status?
yeah, tech user can't seem to set any locking status or maybe any status, they have "service techncian" only role
- 1 security jwt tokens and expiration, can a user just keep working if they are set to inactive because their token hasn't expired as long as they don't login fresh?
should tokens refresh periodically and have a super short life?
https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/?utm_source=Iterable&utm_medium=email&utm_campaign=the_overflow_newsletter
- 2 metrics ops page should show the little dots so know where to position the mouse to see the reading at that point
@@ -956,5 +938,6 @@ BUILD 136 CHANGES OF NOTE
In v8migrate, if a part is unused then it's qty goes into suggested and quantity is set to zero
Inventory sync no change as it's now correct as the quantities are zero for unused parts so no out of balance issue
- Fixed issue where admin-history page was showing untranslated translation keys for Object column (this fix also fixed with several other data lists like event log, reviews, attachments list etc)
- Removed "XXX Others" item from ops->Metrics db top tables display, not relevant and masking the relative sizes of actually relevant tables
- Fixed issue where a User set to inactive still had access as long as they didn't log out. Now, setting inactive zaps their auth token and they are immediately locked out.