Added missing permissions filter for group owner #7980
I can't reproduce @joachimnielandt, what are the privileges of the record? I have
I think in this case (for some reason) there were no privileges attached to the record. However, I'd argue that the semantics of 'groupOwner' would act the same way as 'owner' for a record, giving those entities implicit privileges on the record? In our case, ownership of a record is not defined by the user but through the group to which the user belongs. It makes sense then to always have the record available to you, even if the privileges were modified. If this change would not be relevant to the core, perhaps the
If there were no privileges for the record, then user Y can't see the record currently. So I can't reproduce the case where the edit button is present and the editor fails.
"A content reviewer can view a metadata if: The metadata is part of a group that the user is a member of." so here "is part" probably means groupOwner and indeed your fix applies. "A user administrator or an editor can view: All metadata that has the view privilege selected for one of the groups they are a member of." and with your fix, the record will also be displayed in this case. So the changes compared to current situation with this fix are:
@josegar74 any opinion about this change?
I could get this situation (with core/main), @fxprunayre :
For our own fork we have made some modifications with regard to the edit button display logic, but that doesn't seem to be the reason here.
Indeed the editor fails to find the draft because the draft is not published to all - so it is not returned for the reviewer search. So the changes compared to current situation with this fix are:
So this means that
It looks strange to me that a metadata has no view privileges in its group owner.
Is this similar to the 1st point? Not for this pull request, but I think we should try to improve / simplify the way to assign permissions, currently some configurations that are not very orthodox can be created:
Another question that would be good to clarify:
Tested the changes and works as described, but I don't fully understand why a
As we (Flanders) have customised the workflow / status handling, the above questions are not really applicable to our case: we use the concept of a This PR would solve the base behaviour of what it means to be part of the
Yes, quite some questions about the privileges panels @josegar74! While working in Flanders workflow, I also quite liked the way it manages the privileges by using the workflow steps (and the privilege panel is less needed). For now, I would merge this PR which solves the base behaviour as @joachimnielandt said. In the long run, maybe we should have a demo of the Flanders workflow and decide if it is not a better way to simplify publication of records and use something like this by default.
Probably not.
No.
Some users are using this but it is quite rare.
This was used sometimes so that only the author (and admin) can find/edit the record until ready. But maybe we can drop this. Another question:
There is room for improvements!
Added missing permissions filter for group owner. Upstream PR: geonetwork#7980 Related work items: #190417, #190553
The following situation breaks due to this missing functionality:

- groupOwner A and owner X
- A has users X and Y
- Y can see the edit button, but upon clicking it the UI reports the record cannot be found

I have added the missing check (marked as TODO) on groupOwner which solves the issue on our end. @fxprunayre, does this approach make sense, am I missing a potential case in the permissions filter?

Checklist

- main branch, backports managed with label
- README.md files
- pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation