Skip to content

Route destination operations should require write permissions in the app's space #5285

Description

@svkrieger

Issue

Currently, the permission model for route destination operations is inconsistent with respect to the app's space. The table below shows which roles in the app's
space/org
are sufficient (assuming the user already has space_developer in the route's space and the route has been explicitly shared with the app's space):

Role in app's space/org Add destination Replace destinations Update destination Delete destination
space_developer
space_supporter
space_manager
space_auditor
org_manager
org_auditor
org_billing_manager
no role
admin
admin_read_only
global_auditor

Three problems stand out:

  1. Add/Replace: read-only roles (space_manager, space_auditor, org_manager) are sufficient to wire up routing to an app they cannot write to.
  2. Update/Delete: no role in the app's space is required at all — any user with write access to the route's space can modify or remove destinations regardless of
    which space the app lives in.
  3. admin_read_only and global_auditor: these read-only global roles can perform all four mutating operations, which contradicts their intended purpose.

Context

No response

Steps to Reproduce

see #5284

Expected Result

No response

Current Result

No response

Possible Fix

Proposed change: All four operations should require space_developer or space_supporter in the app's space. Only admin should be exempt as the global write role.
admin_read_only and global_auditor should be denied just like any other role without write access to the app's space.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions