Bug #13420

Bug #13419: User group permissions for Authority Record digital objects don't exist

Authorty record digital objects have broken hyperlink for Master records

Added by Peter Van Garderen about 1 year ago. Updated 21 days ago.

Status:VerifiedStart date:09/18/2020
Priority:MediumDue date:
Assignee:-% Done:

0%

Category:Actor
Target version:Release 2.7.0
Google Code Legacy ID: Tested version:
Sponsored:No Requires documentation:

Description

On the Authority Record view template, any digital objects that are linked to it use the path "<base domain URL>/?" for the Master file.

See:

https://projects.artefactual.com/issues/13388#note-7

https://projects.artefactual.com/issues/13388#note-8

"As an unauthenticated user I can't view the master digital object (correct behaviour), but the Digital object metadata > File name displays as a hyperlink, with an "href" of "http://10.10.10.10/?"."

"The default Read permission of the anonymous group on authority records is Grant. This is what likely protects access to actor related DOs.

But after looking at some of the parts involved:

view: [[https://github.com/artefactual/atom/blob/3fd98a458c973d52473c11b00c7076289ddd0182/apps/qubit/modules/digitalobject/actions/viewAction.class.php#L48]]
link creation: [[https://github.com/artefactual/atom/blob/3fd98a458c973d52473c11b00c7076289ddd0182/lib/model/QubitActor.php#L838]]

It looks like we might need to change https://github.com/artefactual/atom/blob/3fd98a458c973d52473c11b00c7076289ddd0182/apps/qubit/modules/digitalobject/actions/metadataComponent.class.php#L67 to:

$this->canAccessMasterFile = sfContext::getInstance()->user->isAuthenticated();

or viceversa?

History

#1 Updated by Dan Gillean 21 days ago

  • Status changed from New to Verified
  • Assignee deleted (Douglas Cerna)

Also available in: Atom PDF