Bug #12118

Groups will not set permissions from more than 1 archival institution for descriptions

Added by Dan Gillean about 4 years ago. Updated almost 4 years ago.

Status:FeedbackStart date:04/09/2018
Priority:MediumDue date:
Assignee:Dan Gillean% Done:

0%

Category:User management
Target version:-
Google Code Legacy ID: Tested version:2.4, 2.5
Sponsored:No Requires documentation:

Description

Issue first reported by UofT users in 2.4.0. Reproduced in local qa/2.5.x vagrant test environment.

To reproduce

  • Create a new group - "FOO"
  • Set all archival permissions to DENY
  • Add custom permissions for an institution (A) and set all permissions to GRANT
  • Add custom permissions for a second institution (B) and set all permissions to GRANT
  • Save group
  • Navigate to Admin > Users and create new user "BAR"
  • Add user BAR to group FOO and save
  • Log out, and log back in as user BAR
  • Navigate to a description linked to institution B - all permissions granted, everything seems ok
  • Navigate to a description linked to institution A

Resulting error

  • User Foo has same permissions on descriptions linked to A as to any general description in AtoM - custom permissions are not being included
  • It appears that only one institution's permissions are being applied - in this case, for institution B, since it was the second set of custom permissions added
  • This is despite the fact that the user interface allows users to add multiple custom institution permissions

Expected result

  • User has all permissions on descriptions linked to both institution A and B
  • Users can add custom description permissions for more than 1 institution at a time
  • If this is not possible, then the UI should not allow users to add custom repository permissions for more than 1 institution at a time, and the docs should indicate this limitation.

Workaround

  • For now, users can get around this issue by creating multiple separate groups (each group will have custom repository permissions for only 1 repository) and then adding a user account to multiple groups.

Related issues

Related to Access to Memory (AtoM) - Bug #5783: Group deny permissions for viewing descriptions and refer... New 10/11/2013
Related to Access to Memory (AtoM) - Bug #7695: Setting custom taxonomy delete permissions overrides all ... New 12/11/2014
Related to Access to Memory (AtoM) - Bug #5749: Permissions do not behave as expected New 10/04/2013

History

#1 Updated by Nick Wilkinson about 4 years ago

  • Assignee set to José Raddaoui Marín

#2 Updated by Nick Wilkinson almost 4 years ago

  • Assignee changed from José Raddaoui Marín to Mike Cantelon

Hi Mike, passing to you to balance out workloads.

#3 Updated by Mike Cantelon almost 4 years ago

  • Status changed from New to Feedback
  • Assignee changed from Mike Cantelon to Dan Gillean

Hi Dan. When I followed your steps to reproduce what ended up happening was "bar" was denied reading both descriptions (the one associated with A and the one associated with B, both published). If you can think of anything I might be doing wrong, let me know, otherwise I'll just dig in and investigate further (I definitely need to read up on the permissions functionality anyways).

#4 Updated by Dan Gillean over 2 years ago

  • Related to Bug #5783: Group deny permissions for viewing descriptions and reference images by archival institution not working added

#5 Updated by Dan Gillean over 2 years ago

  • Related to Bug #7695: Setting custom taxonomy delete permissions overrides all taxonomy delete permissions added

#6 Updated by Dan Gillean over 2 years ago

  • Related to Bug #5749: Permissions do not behave as expected added

Also available in: Atom PDF