Exports by unathenticated users should always use --public option
|Google Code Legacy ID:||Tested version:|
I discovered this issue while testing for #8993. While exporting from the CLI using the --public option will now exclude physical storage columns if they are hidden via Visible elements, users can still get this information by exporting from the clipboard. This is the case for both CSV and XML exports currently.
- As an admin, navigate to Visible elements and uncheck the Physical storage, so it is hidden for public users.
- Log out
- As a public user, navigate to a hierarchy that you know has physical storage information. Confirm it is hidden in the user interface.
- Now, try the EAD 2002 XML option in the right-hand context menu. Error 1: Phsysical storage info is included (regression?)
- Add the top-level record to the clipboard, and then export as both CSV and EAD 2002 XML
- Error 2: Physical storage information is included in all exports.
All exports available to public user (view page EAD; clipboard EAD; clipboard CSV) include physical storage info, despite it being hidden via Visible elements.
When a user is unauthenticated/public, and physical storage is hidden via the Visible elements module, then no export should include physical storage information. Similarly, physical storage info should be excluded from finding aids if the "Generate as public user" setting is set.