Hi all, Looking at this a little bit more, it seems to be the case that the "update_location_record" permission is given globally whilst the "manage_repository" permission is set at repository level. This means that if a user has managerial level permissions at repository A but only very basic level permissions at repository B, they are still able to create, amend and delete locations at both A and B.
Is there any reason that "update_location_record" isn't a repository level permission? We will have quite a number of repositories and a fair few staff members who will be given different permission levels in more than one of them. It just seems bizarre that someone who is merely in the "repository-viewers" group at a repository should be allowed to delete said repository's locations, purely because another repository has put them in the "repository-managers" group. Best wishes, Nick -----Original Message----- From: Nick Butler <[email protected]<mailto:nick%20butler%20%[email protected]%3e>> Reply-To: Archivesspace Users Group <[email protected]<mailto:archivesspace%20users%20group%20%[email protected]%3e>> To: [email protected] <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Subject: Re: [Archivesspace_Users_Group] Creating location records - how? Date: Thu, 10 Oct 2019 15:06:43 +0000 Hi Trevor, Thank you very much for your speedy and helpful response - giving the user the manage_repository permission did indeed fix the issue. I don't think I'd have found that file otherwise, and it looks like a useful point of reference. Many thanks, Nick -----Original Message----- From: Trevor Thornton <[email protected]<mailto:trevor%20thornton%20%[email protected]%3e>> Reply-To: Archivesspace Users Group <[email protected]<mailto:archivesspace%20users%20group%20%[email protected]%3e>> To: Archivesspace Users Group <[email protected]<mailto:archivesspace%20users%20group%20%[email protected]%3e>> Subject: Re: [Archivesspace_Users_Group] Creating location records - how? Date: Thu, 10 Oct 2019 11:01:19 -0400 We just ran into this issue last week. From what I can tell, the permission to update location records is tied to the permission to manage the repository ("manage this repository (change groups and other settings)"). I couldn't find any documentation to back this up but found this setting in the code: https://github.com/archivesspace/archivesspace/blob/8ffdb952cce8c8804392c229772ae68a00065bcc/backend/app/lib/bootstrap_access_control.rb#L209-L212 On Thu, Oct 10, 2019 at 10:51 AM Nick Butler <[email protected]<mailto:[email protected]>> wrote: Hi all, We're currently running v2.5.2 on our development system (we aren't live yet) and we're running into a peculiar problem with the permission "update_location_record". As far as we can tell, two users have been set up with the same level of permissions yet only one can create and edit location records. Pulling their records via the [:GET] /users/:id API endpoint shows that one has the "update_location_record" for all their repositories and also for the "_archivesspace" global repository, yet the other doesn't have this permission anywhere. The full list of permissions acquired via the [:GET] /permissions endpoint doesn't even include this permission; nor does the permission table of our underlying database. I tried adding it to the other user's record by POSTing a modified user object to the [:POST] /users/:id endpoint but this seems to have had no effect. Basically, how does one go about getting this permission? And is there a reason it doesn't show up in either the database or [:GET] /permissions? Could this be something that's resolved by upgrading from v2.5.2? Any advice would be very welcome, as this will become quite a pressing issue for us soon. Many thanks, Nick -- Nick Butler Software Developer Digital Services Cambridge University Library West Road Cambridge CB3 9DR, UK [email protected]<mailto:[email protected]> Internal tel: 33067 _______________________________________________ Archivesspace_Users_Group mailing list [email protected]<mailto:[email protected]> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group _______________________________________________ Archivesspace_Users_Group mailing list [email protected]<mailto:[email protected]> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group -- Nick Butler Software Developer Digital Services Cambridge University Library West Road Cambridge CB3 9DR, UK [email protected]<mailto:[email protected]> Internal tel: 33067 _______________________________________________ Archivesspace_Users_Group mailing list [email protected]<mailto:[email protected]> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group -- Nick Butler Software Developer Digital Services Cambridge University Library West Road Cambridge CB3 9DR, UK [email protected]<mailto:[email protected]> Internal tel: 33067
_______________________________________________ Archivesspace_Users_Group mailing list [email protected] http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
