Bug #5783

Group deny permissions for viewing descriptions and reference images by archival institution not working

Added by Jessica Bushey over 8 years ago. Updated about 7 years ago.

Status:NewStart date:10/11/2013
Priority:HighDue date:
Assignee:José Raddaoui Marín% Done:

0%

Category:Access Control
Target version:-
Google Code Legacy ID: Tested version:
Sponsored:No Requires documentation:

Description

1. create group
2. deny permissions to read archival descirptions and access reference digital objects for specific archival institutions
3. save
4. create user and add to group
5. log-in as user and search for holdings in specific archival institutions that have been denied permission to read and view

Unexpected Error
User can read all archival descriptions, user can view all reference digital objects in the holdings of ALL archival institutions

Expected REsult
Permissions denied as per Group preferences


Related issues

Related to Access to Memory (AtoM) - Bug #3659: User with update permissions for only one repository can ... New
Related to Access to Memory (AtoM) - Bug #12118: Groups will not set permissions from more than 1 archival... Feedback 04/09/2018

History

#1 Updated by Jessica Bushey over 8 years ago

i also did it another way.
denying access to any archival descriptions and then giving permission to read and view the descriptions and digital objects of a single institution.
but still broken.
my user could view and read everything everywhere

#2 Updated by José Raddaoui Marín over 8 years ago

  • Status changed from New to In progress
  • Assignee changed from Jesús García Crespo to José Raddaoui Marín

Hi Jessica,

Did you mean in the search, advanced search and browse pages? So, if a user doesn't have permissions to view some archival descriptions/references, they should not appear in those lists?

Hi Radda,

I think the easiest approach is that AtoM responds with a warning if you try and click on an archival institution that you do not have permission to access:
For example: The archival institution name is available on the browse page, but when the User clicks on it, they get a warning "You do not have permission to view this resource".

If the person searches for a resource in the search bar, I think that AtoM should not recommend any resources stored in an archival institution that they do not have permission to access. But if that is too hard to do, I guess we could allow AtoM to make the recommendation, but when the User selects it from the drop-down suggestions, AtoM responds with a warning "You do not have permission to view this resource."

We might want to include Dan and Jesus and David in this conversation, as I know that ACL in 2.X is going to require changes throughout the application.

#3 Updated by Jesús García Crespo over 8 years ago

  • Target version changed from Release 2.1.0 to Release 2.0.1

#4 Updated by Jesús García Crespo over 8 years ago

  • Priority changed from High to Critical

#5 Updated by Jesús García Crespo over 8 years ago

  • Status changed from In progress to New

#6 Updated by Jesús García Crespo over 8 years ago

  • Target version changed from Release 2.0.1 to Release 2.0.2

#7 Updated by José Raddaoui Marín over 8 years ago

  • Assignee changed from José Raddaoui Marín to Jessica Bushey

#8 Updated by Jessica Bushey over 8 years ago

  • Assignee changed from Jessica Bushey to José Raddaoui Marín

Radda,

Do you need me to clarify the issue before you can fix it?

#9 Updated by José Raddaoui Marín over 8 years ago

  • Assignee changed from José Raddaoui Marín to Jessica Bushey

Hi Jessica, just to be sure that the problem is in the pages I said in the second update.

#10 Updated by Jessica Bushey over 8 years ago

  • Assignee changed from Jessica Bushey to Jesús García Crespo

Jesus - I've changed the assignee to you - only because I think this fix might have larger implications for ACL in 2.X. Please see my comments in #2.

#11 Updated by Dan Gillean almost 8 years ago

  • Target version changed from Release 2.0.2 to Release 2.2.0

Developers are reviewing and revising ACL for inclusion in 2.2 - bumping this issue to 2.2 so it can be considered as part of those revisions.

#12 Updated by Dan Gillean almost 8 years ago

  • Assignee changed from Jesús García Crespo to Mike Gale

#13 Updated by Mike Gale almost 8 years ago

  • Priority changed from Critical to High

#14 Updated by Mike Gale over 7 years ago

  • Subject changed from Create Group and deny permissions to read archival descriptions and access reference digital object for specific archival institutions DONT WORK to Group deny permissions for viewing descriptions and reference images by archival institution not working

#15 Updated by Mike Gale over 7 years ago

Note this is also an issue with view thumbnail permissions (which will be a new feature in 2.2.x)

#16 Updated by Sarah Romkey over 7 years ago

  • Assignee changed from Mike Gale to José Raddaoui Marín

#17 Updated by Sarah Romkey about 7 years ago

  • Target version deleted (Release 2.2.0)

#18 Updated by Dan Gillean over 2 years ago

  • Related to Bug #12118: Groups will not set permissions from more than 1 archival institution for descriptions added

Also available in: Atom PDF