Bug #13367

Restricting access to one DO in a carousel breaks access to parent collection

Added by Dan Gillean about 1 month ago.

Status:NewStart date:06/25/2020
Priority:MediumDue date:
Assignee:-% Done:


Category:Access Control
Target version:-
Google Code Legacy ID: Tested version:2.5, 2.6
Sponsored:No Requires documentation:


First reported via the user forum, 2020-06-22: https://groups.google.com/d/msg/ica-atom-users/rZcah4x9-tw/9JhbXyRnCgAJ
Reproduced in qa/2.6.x on 2020-06-25 by DG

To reproduce

  • Make sure you have some data that includes collections with digital objects attached to lower levels. I am using the public demo data, and testing with the Irving Steinberg Sudbury Slide collection. M
  • Pick a lower level description in your descriptive hierarchy with an image attached for testing
  • Log in as an admin and navigate to Admin > Groups
  • Create a new group
  • In the Archival description permissions tab, Add custom permissions for the target description. Restrict access to all digital objects and save
  • Create a new user account, and add them to your custom group. Save
  • Log out, and log in as the new user
  • Try to navigate to the parent collection record

Error encountered

Cannot navigate to parent collection record - results in white screen. Error log:

2020/06/25 20:08:29 [error] 534#534: *11 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught ArgumentCountError: Too few arguments to function QubitDigitalObject::getGenericRepresentation(), 1 passed in /usr/share/nginx/atom/apps/qubit/modules/digitalobject/actions/imageflowComponent.class.php on line 71 and exactly 2 expected in /usr/share/nginx/atom/lib/model/QubitDigitalObject.php:2004
Stack trace:
#0 /usr/share/nginx/atom/apps/qubit/modules/digitalobject/actions/imageflowComponent.class.php(71): QubitDigitalObject::getGenericRepresentation('image/jpeg')
#1 /usr/share/nginx/atom/vendor/symfony/lib/helper/PartialHelper.php(388): DigitalObjectImageflowComponent->execute(Object(sfWebRequest))
#2 /usr/share/nginx/atom/vendor/symfony/lib/helper/PartialHelper.php(150): _call_component('digitalobject', 'imageflow', Array)
#3 /usr/share/nginx/atom/plugins/sfIsadPlugin/modules/sfIsadPlugin/templates/indexSuccess.php(50): get_component('digitalobject', 'imageflow', Array)
#4 /usr/share/nginx/atom/cache/qubit/prod/config/config_core_compile.yml.php(3895): require('" while reading response header from upstream, client:, server: _, request: "GET /irving-steinberg-sudbury-slide-collection HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.atom.sock:", host: "", referrer: "" 

Expected result

  • Can still access the collection level record
  • Can still see other digital objects in the carousel
  • The restricted item is not shown in the carousel and view page of its related description - a placeholder is instead


The user reporting in forum, using 2.5, could still access the collection level record, but no digital objects would display in the carousel. I got a 500 error entirely when trying to access the collection record.

Also available in: Atom PDF