Bug #3659
User with update permissions for only one repository can update other repositories' records
| Status: | New | Start date: | |
|---|---|---|---|
| Priority: | Low | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Access Control | | |
| Target version: | - | | |
| Google Code Legacy ID: | atom-1710 | Tested version: | |
| Sponsored: | No | Requires documentation: | |
Description
To reproduce this error:
========================
1) Create a user and modify permissions similar to the attached screenshot
2) Log in as the user
3) Navigate to an information object belonging to a repository that is not the repository for which the user has update permission
Resulting error:
================
User can update information objects belonging to repositories other than the one s/he has permission for
Expected result:
================
User should be able to update information objects belonging only to the specified repository
[g] Legacy categories: Access control
Related issues
History
#1 Updated by Evelyn McLellan over 11 years ago
- Subject set to User with view draft/update permissions for only one repository can view drafts of and update other repositories' records
- Priority changed from High to Critical
Also, user with view draft permissions for one repository only can view drafts of descriptions belonging to other repositories. Am changing title to reflect this and upgrading the issue to critical.
[g] Labels added: Priority-Critical
[g] Labels removed: Priority-High
#2 Updated by David Juhasz over 11 years ago
- Subject set to User with update permissions for only one repository can update other repositories' records
- Priority changed from Critical to High
- Target version changed from Release 1.1 to Release 1.2
- File acl2.png added
This is two separate issues. I've created /p/qubit-toolkit/issues/detail?id=1821 to address the "view drafts" problem.
I'm bumping this issue (related to editing descriptions in other repositories) because you can avoid the problem by using the permissions shown in the attached screenshot "acl2.png", and solving for the original ACL case is complex.
[g] Labels added: Priority-High, Milestone-Release-1.2
[g] Labels removed: Priority-Critical, Milestone-Release-1.1
#3 Updated by Tim Hutchinson about 11 years ago
See also /p/qubit-toolkit/issues/detail?id=1311. Since I didn't initially clue into the details of the screenshot above, I will just add that the key is to add permissions to the authenticated group, rather than assigning the user to an editor/contributor group and then denying roles for all information objects and adding back roles for a single institution (as documented in the user manual).
#4 Updated by David Juhasz almost 11 years ago
- Priority changed from High to Medium
[g] Labels added: Priority-Medium
[g] Labels removed: Priority-High
#6 Updated by Anonymous over 10 years ago
- Priority changed from Low to High
The user manual has been changed to reflect the new "workaround" for restricting a user's permissions to a single repository; however, the question has been raised as to how this will impact Memory BC migration.
[g] Labels added: Priority-High
[g] Labels removed: Priority-Low
#7 Updated by David Juhasz over 10 years ago
- Target version set to Release 1.3
Roll over to Release 1.3
[g] Labels added: Milestone-Release-1.3
#8 Updated by David Juhasz almost 10 years ago
Reassign to new account.
[g] New owner: David Juhasz
#11 Updated by Jessica Bushey over 9 years ago
- Target version changed from Release 1.3 to Release 2.1.0
[g] Labels added: Milestone-Release-2.0
[g] Labels removed: Milestone-Release-1.3
#12 Updated by David Juhasz over 9 years ago
- Priority changed from High to Low
- Target version deleted (Release 2.1.0)
- Sponsored set to No
We have a workaround for this issue, so I'm downgrading to "Low" priority.
#13 Updated by David Juhasz over 8 years ago
- Category set to Access Control
#14 Updated by David Juhasz almost 6 years ago
- Assignee deleted (David Juhasz)