Adding multiple ACL group taxonomy rules - only last one added applies
Tested version: 2.5, 2.6
When multiple ACL group taxonomy rules with 'grant' permissions are created (e.g. for subjects and places), only the taxonomy for which the ACL rule was created last (most recently) will allow the creation of new terms when editing a description.
Steps to replicate:
- create two taxonomy rules applying to a new group (custom group) granting all permissions. (see attached screenshot A)
- log into AtoM as a user in the new group
- edit a description
- try to add a new term in both of the taxonomy fields for which ACL rules were added (e.g. place and subject). (see attached screenshot B)
- only the taxonomy that was added last will accept new terms being added even though permissions have been granted for both taxonomies.
#1 Updated by Steve Breker about 2 years ago
Multiple group taxonomy rules should be able to be added.
When multiple rules have been created, the ACL permissions should apply correctly per taxonomy.
Screen shot C shows the permissions DB table with the 6 taxonomy rows.
In the WebUI, the subject and place taxonomy protect the 'add' functionality with ACL checks here:
In contrast, the genre taxonomy 'add' function when editing a description checks the ACL for the linked actor:
In the ACL plugin, new conditional ACL check objects are created here:
In the conditional ACL check object, the permission is evaluated here:
In the permissions object itself, the constant is always set to the last entered taxonomy permission role (See screenshot C - shows the most recently entered permission record at the bottom).
Debug statements from QubitAclPermission showing the conditional when it does not match:
Oct 24 15:20:15 symfony [err] 1: %p[taxonomy] 'places', taxonomy, places
Oct 24 15:20:15 symfony [err] key: taxonomy subjects %p[taxonomy] 'places'
Oct 24 15:20:15 symfony [err] conditional: 'subjects' 'places'
Since in the permission object, the conditional is always equal to the last permission row, the conditional statement does not match and access is not allowed: conditional: 'subjects' 'places'
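The failure described in this ticket, reduced to a stand-alone model. This is an added example, not AtoM code and not part of the original comment. The class names, the `allows()` method and the `canCreateTerm()` helper are hypothetical, and the condition is simplified to a plain taxonomy-name comparison.

```php
<?php
// Simplified model of the reported behaviour; all names here are hypothetical
// and do not come from AtoM's QubitAclPermission.

// Buggy shape: the condition is kept in one slot shared by every permission
// row, so each row loaded later overwrites the condition of the earlier rows.
class SharedConditionPermission
{
    private static $requiredTaxonomy; // one slot shared by every row

    public function __construct(string $taxonomy) { self::$requiredTaxonomy = $taxonomy; }
    public function allows(string $requested): bool { return $requested === self::$requiredTaxonomy; }
}

// Corrected shape: each permission row carries its own condition.
class PerRowPermission
{
    private $requiredTaxonomy; // belongs to this row only

    public function __construct(string $taxonomy) { $this->requiredTaxonomy = $taxonomy; }
    public function allows(string $requested): bool { return $requested === $this->requiredTaxonomy; }
}

// A group may create a term when any of its grant rows matches the taxonomy.
function canCreateTerm(array $rows, string $requested): bool
{
    foreach ($rows as $row) {
        if ($row->allows($requested)) {
            return true;
        }
    }
    return false;
}

// Constructed rows in insertion order: subjects first, places last.
foreach (['SharedConditionPermission', 'PerRowPermission'] as $class) {
    $rows = [new $class('subjects'), new $class('places')];
    foreach (['subjects', 'places', 'genres'] as $taxonomy) {
        printf("%-26s %-9s %s\n", $class, $taxonomy,
            canCreateTerm($rows, $taxonomy) ? 'allowed' : 'denied');
    }
}
```

The `genres` row is included as a regression check: a fix should restore access for every granted taxonomy without granting one that has no rule.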