Created by Shannon Deminick 05 Feb 2018, 10:42:24 Updated by Jacob Midtgaard-Olesen 16 Mar 2018, 08:01:02
Relates to: CON-1490
Subtask of: U4-10796
This will require re-targeting Forms to a min version of 7.9.0 - this means we will release a new major version of Forms.
To determine if a user has access to sensitive data, there's a new IUser extension method in 7.9.0 which checks for a User Group
* Any form field can be marked as 'sensitive' (possibly borrowing any UI/messaging that now exists in 7.9)
* Front end logic needs to exist for editing a form - if the user does not have access to Sensitive values, then they cannot modify the sensitive value flag
* Back end logic needs to exist for editing a form - if the user does not have access to Sensitive values, then they cannot modify the sensitive value flag - we need to validate this on the server so it cannot be hacked
PR for this is here - https://github.com/umbraco/Forms/pull/180
Test Notes
* Requires you use Umbraco 7.9 for this to work
* In your Umbraco install of 7.9 (ensure you have 2 users, one in and one not in the sensitive data group)
* Create a NEW form as a user who has access and create a form with one or more fields marked as sensitive
* Log out & switch users
** Can you see the fields indicated with a lock & text above each field preview that were marked as sensitive?
** Verify you cannot see the option in the field settings overlay to toggle/change the value
* Try & hack the JSON payload of a request to test & verify the server-side validation checks for a user who does not have access:
** New Forms created can not contain ANY fields marked as sensitive
** Updating an existing form field that was previously marked as sensitive to now not be
** Adding a new form field to the design/form & marking that new field as sensitive data
Great work!
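A sketch of the server-side check the three test cases above exercise, added here as an illustration and not taken from the Forms code base or the linked PR. `FieldDto`, `ContainsSensitiveData`, `SensitiveFlagValidator` and `FindViolations` are hypothetical names, and `userHasSensitiveAccess` stands in for the result of the 7.9 `IUser` extension method mentioned in the description.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical minimal field model; the real Forms field type is not shown on this page.
public class FieldDto
{
    public Guid Id { get; set; }
    public bool ContainsSensitiveData { get; set; }
}

public static class SensitiveFlagValidator
{
    // 'stored' is the persisted form's fields, or null when the form is being created.
    // Returns the ids of fields whose sensitive flag the caller may not set or change.
    public static List<Guid> FindViolations(
        IEnumerable<FieldDto> stored, IEnumerable<FieldDto> incoming, bool userHasSensitiveAccess)
    {
        var violations = new List<Guid>();
        if (userHasSensitiveAccess) return violations;

        // Trust only the server's copy of the flags, never the values in the payload.
        var before = (stored ?? Enumerable.Empty<FieldDto>())
            .ToDictionary(f => f.Id, f => f.ContainsSensitiveData);

        foreach (var field in incoming)
        {
            bool was;
            bool existed = before.TryGetValue(field.Id, out was);
            // Existing field: flag must be unchanged. New field or new form: flag must be false.
            bool violation = existed ? (field.ContainsSensitiveData != was) : field.ContainsSensitiveData;
            if (violation) violations.Add(field.Id);
        }
        return violations;
    }
}

public static class Program
{
    public static void Main()
    {
        Guid a = Guid.NewGuid(), b = Guid.NewGuid();
        var stored = new[] { new FieldDto { Id = a, ContainsSensitiveData = true } };
        // Constructed payload: clears the flag on field a and adds a new sensitive field b.
        var incoming = new[] {
            new FieldDto { Id = a, ContainsSensitiveData = false },
            new FieldDto { Id = b, ContainsSensitiveData = true } };
        Console.WriteLine(SensitiveFlagValidator.FindViolations(stored, incoming, false).Count);
        Console.WriteLine(SensitiveFlagValidator.FindViolations(null, incoming, false).Count);
        Console.WriteLine(SensitiveFlagValidator.FindViolations(stored, incoming, true).Count);
    }
}
```

A save endpoint would reject the request when the returned list is non-empty, rather than silently resetting the flags.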
Priority: Normal
Type: Task
State: Fixed
Assignee:
Difficulty:
Category:
Backwards Compatible: False
Fix Submitted:
Affected versions:
Due in version: 7.0.0
Sprint: Sprint 78
Story Points: 5
Cycle: 8