Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| } | ||
| if (pathname === '/engagements') { | ||
| return canViewEngagements ? 3 : 0 | ||
| return isAdmin ? 3 : 0 |
There was a problem hiding this comment.
[❗❗ correctness]
The logic change here from canViewEngagements to isAdmin could potentially alter the intended access control. Ensure that this change aligns with the business requirements, as it restricts access to the '/engagements' path strictly to admins, whereas previously it was accessible to both admins and talent managers.
| this.props.unloadProjects() | ||
| this.setState({ currentTab: 2 }) | ||
| } else if (tab === 3 && canViewEngagements) { | ||
| } else if (tab === 3 && isAdmin) { |
There was a problem hiding this comment.
[❗❗ correctness]
Similar to the change on line 153, this modification restricts access to the '/engagements' tab to only admins. Verify that this change is intentional and aligns with the updated access control requirements.
| )()} | ||
| /> | ||
| {canAccessEngagements && ( | ||
| {isAdmin && ( |
There was a problem hiding this comment.
[correctness]
The change from canAccessEngagements to isAdmin restricts access to the /engagements route to only admins. Ensure that this change aligns with the intended access control policy, as it removes access for Talent Managers.
| /> | ||
| )} | ||
| {!canAccessEngagements && ( | ||
| {!isAdmin && ( |
There was a problem hiding this comment.
[correctness]
The change from !canAccessEngagements to !isAdmin means that non-admin users will see the warning message. Verify that this behavior is intended, as it alters the access logic for non-admin users.
2 participants
Restrict non admins from accessing the Engagements tab. TMs no longer have access.
However, the nested routes for engagements in Projects still stay the same. Both admins and TMs can access those.
/engagements : Only admins
/projects/{:projectId}/engagements : Both admins and TMs