Bug #3261

Can't assign multiple access rules per role

Added by David Juhasz over 12 years ago. Updated about 9 years ago.

Status:DuplicateStart date:
Priority:LowDue date:
Assignee:David Juhasz% Done:

0%

Category:-
Target version:Release 1.4.0
Google Code Legacy ID:atom-1311 Tested version:
Sponsored: Requires documentation:

Description

To reproduce this error: ========================
1) Create a user 'Hilary', and assign them to a group with 'edit'
permissions (e.g. editor)
2) Add a new user permission to deny edit permission in all repositories
3) Add a new user permission to allow edit permission on a single
repository (e.g. 'Archives of the Fraser Valley')

(see screenshot)

Resulting error: ================
When logged in as Hilary, the show screen of an information object in
repository 'Foo' will allow 'edit' privileges (Should be denied on all
repositories except 'Archives of the Fraser Valley)

Last permission entered (in this case 'allow' for repository 'Archives of
the Fraser Valley') is the only user permission checked.

NOTE: If the "editor" group is removed from Hilary, then she will be denied
access on all repositories except 'Archives of the Fraser Valley' because
there is no longer a valid 'grant' rule at the group level.

See: http://framework.zend.com/issues/browse/ZF-9129

Expected result: ================
Hilary should not be able to edit information objects in any repository
except 'Archives of the Fraser Valley'

[g] Legacy categories: Access control

multiple_permissions_bug.png (93.6 KB) David Juhasz, 12/01/2012 02:34 AM


Related issues

Duplicates Access to Memory (AtoM) - Bug #3659: User with update permissions for only one repository can ... New

History

#1 Updated by David Juhasz over 12 years ago

This error is demonstrated in the ACL Selenium test suite.

#2 Updated by Anonymous almost 12 years ago

  • Priority set to Low

[g] Labels added: Priority-Low

#3 Updated by David Juhasz almost 12 years ago

  • Priority changed from Low to High

[g] Labels added: Priority-High
[g] Labels removed: Priority-Low

#4 Updated by David Juhasz almost 12 years ago

  • Subject set to Can't assign multiple access rules per role

Fix spelling

#5 Updated by Evelyn McLellan over 11 years ago

  • Target version changed from Release 1.1 to Release 1.2

[g] Labels added: Milestone-Release-1.2
[g] Labels removed: Milestone-Release-1.1

#6 Updated by Tim Hutchinson about 11 years ago

I ran into the same thing - note that this is the method currently outlined in the user manual.

See workaround in /p/qubit-toolkit/issues/detail?id=1710 (David's screenshot) - add permissions to authenticated role rather than removing permissions from editor/contributor role.

#7 Updated by David Juhasz almost 11 years ago

  • Priority changed from High to Medium

[g] Labels added: Priority-Medium
[g] Labels removed: Priority-High

#8 Updated by David Juhasz almost 11 years ago

  • Priority set to Low

[g] Labels added: Priority-Low

#9 Updated by David Juhasz over 10 years ago

  • Target version set to Release 1.3

Roll over to Release 1.3

[g] Labels added: Milestone-Release-1.3

#10 Updated by David Juhasz almost 10 years ago

Reassign to David's new account.

[g] New owner: David Juhasz

#11 Updated by Jessica Bushey almost 10 years ago

  • Status changed from New to Duplicate

#12 Updated by Dan Gillean over 9 years ago

  • Target version changed from Release 1.3 to Release 2.1.0

#13 Updated by David Juhasz about 9 years ago

  • Target version changed from Release 2.1.0 to Release 1.4.0

Also available in: Atom PDF