Wrong call to forwardUnauthorized in QubitAclSearch
|Assignee:||José Raddaoui Marín||% Done:|
|Target version:||Release 2.3.0|
|Google Code Legacy ID:||Tested version:||2.0.0, 2.0.1, 2.1, 2.1.1, 2.1.2, 2.2, 2.3|
QubitAcl class was divided in multiple classes, but one of the calls to the forwardUnauthorized method was left using self instead of the QubitAcl class in QubitAclSearch.
#4 Updated by Dan Gillean about 6 years ago
- Assignee changed from Nick Wilkinson to Dan Gillean
Can you tell me a bit more about how I should be testing this issue? Or maybe what the steps were to reproduce it in the first place, so I can add that to the issue description, in case users in the forum come across this bug? Thanks!
#5 Updated by José Raddaoui Marín about 6 years ago
Hi Dan, sorry for the developer description. The issue was happening when the user didn't have read permissions over any of the resources in the authority records browse page. I've tried to reproduce it now and I've had to deny read permissions for all authority records and for all archival descriptions to be redirected to the login page instead of seeing the resources. This looks like another bug to me, so feel free to file another ticket if do you think that too.
#6 Updated by Sara Allain about 6 years ago
- Assignee changed from Dan Gillean to José Raddaoui Marín
Denying an anonymous user read permissions on authority records results in the anon user encountering a login page when trying to view an authority record. I didn't have to deny the anon user view rights for archival descriptions. So - I think this is verified, based on the comments in the related ticket, but Radda, can you confirm that this is the desired behaviour?
#8 Updated by Sara Allain about 6 years ago
- Assignee changed from Sara Allain to José Raddaoui Marín
Correct. An anonymous user who is denied read rights over authority records is redirected to a login page from the browse authority records page.
An authenticated user who is denied read rights over authority records is shown an error page ("Sorry, you do not have permission to access that page").
I think this is correct!