Groups will not set permissions from more than 1 archival institution for descriptions
|Assignee:||Dan Gillean||% Done:|
|Google Code Legacy ID:||Tested version:||2.4, 2.5|
Issue first reported by UofT users in 2.4.0. Reproduced in local qa/2.5.x vagrant test environment.
- Create a new group - "FOO"
- Set all archival permissions to DENY
- Add custom permissions for an institution (A) and set all permissions to GRANT
- Add custom permissions for a second institution (B) and set all permissions to GRANT
- Save group
- Navigate to Admin > Users and create new user "BAR"
- Add user BAR to group FOO and save
- Log out, and log back in as user BAR
- Navigate to a description linked to institution B - all permissions granted, everything seems ok
- Navigate to a description linked to institution A
- User Foo has same permissions on descriptions linked to A as to any general description in AtoM - custom permissions are not being included
- It appears that only one institution's permissions are being applied - in this case, for institution B, since it was the second set of custom permissions added
- This is despite the fact that the user interface allows users to add multiple custom institution permissions
- User has all permissions on descriptions linked to both institution A and B
- Users can add custom description permissions for more than 1 institution at a time
- If this is not possible, then the UI should not allow users to add custom repository permissions for more than 1 institution at a time, and the docs should indicate this limitation.
- For now, users can get around this issue by creating multiple separate groups (each group will have custom repository permissions for only 1 repository) and then adding a user account to multiple groups.
#3 Updated by Mike Cantelon almost 4 years ago
- Status changed from New to Feedback
- Assignee changed from Mike Cantelon to Dan Gillean
Hi Dan. When I followed your steps to reproduce what ended up happening was "bar" was denied reading both descriptions (the one associated with A and the one associated with B, both published). If you can think of anything I might be doing wrong, let me know, otherwise I'll just dig in and investigate further (I definitely need to read up on the permissions functionality anyways).