Status: Accepted
Owner: ----
Labels: Type-Defect
New issue 2385 by [email protected]: ACL issue - Limiting user permissions
by repository fails when information object is not associated with a
repository
http://code.google.com/p/qubit-toolkit/issues/detail?id=2385
To reproduce this error:
========================
Using the admin user created during the installation:
1) Create repository "FB"
2) Create description "Foo" and make it part of the repository FB
3) Create description "Bar", with no repository. It shouldn't be a child of
Foo.
4) Create an extra user Peanut, no groups, just "authenticated".
5) Give Peanut all the permissions available for the repository FB
6) Log out
7) Log in as that new user (Peanut)
Resulting error:
================
Peanut can still edit and delete the "Bar" description
Expected result:
================
Peanut should be able to edit/delete/add new children to the "Foo"
description, but should not be able to alter the "Bar" description.
I have tested to ensure that if the description is associated with a
different repository (not "FB") then Peanut should not be able to alter
them - this works.
This issue is likely related to the behaviour reported in 1710 and issue
1311 - however, those issues report a workaround for managing permissions
that does not seem to work in this case. I have attached a screenshot of
the permissions granted (rather allowing all and then denying permissions
for repository "FB") but the issue remains.
Attachments:
workaround-not-working.JPG 43.1 KB
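
The expected result above, written as a small access-check model with the reported outcome beside it. This is an added example, not Qubit's code: the class, function and action names and the "Other" repository are constructed, and the fail-open rule is only an assumed way of reproducing the symptom, since the report does not state the cause.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Description:
    title: str
    repository: Optional[str]   # None: not associated with any repository

@dataclass(frozen=True)
class Grant:
    user: str
    action: str
    repository: str             # the grant is scoped to this repository

ACTIONS = ("edit", "delete", "add_child")   # illustrative action names

# Constructed data mirroring the reproduction steps.
FOO = Description("Foo", "FB")
BAR = Description("Bar", None)
BAZ = Description("Baz", "Other")   # the "different repository" case
GRANTS = [Grant("Peanut", a, "FB") for a in ACTIONS]

def allowed_fail_open(grants, user, action, obj):
    """Assumed flawed rule: a missing repository is never compared, so any
    repository-scoped grant for the action matches."""
    return any(g.user == user and g.action == action
               and (obj.repository is None or g.repository == obj.repository)
               for g in grants)

def allowed_fail_closed(grants, user, action, obj):
    """Expected rule: a repository-scoped grant applies only to objects that
    belong to that repository; no repository means no match."""
    if obj.repository is None:
        return False
    return any(g.user == user and g.action == action
               and g.repository == obj.repository for g in grants)

def access_matrix(check, user="Peanut"):
    """Return {(title, action): bool} for every sample description."""
    return {(d.title, a): check(GRANTS, user, a, d)
            for d in (FOO, BAR, BAZ) for a in ACTIONS}

if __name__ == "__main__":
    for name, check in (("fail-open", allowed_fail_open),
                        ("fail-closed", allowed_fail_closed)):
        m = access_matrix(check)
        print(name, {t: m[(t, "edit")] for t in ("Foo", "Bar", "Baz")})
```

The fail-closed matrix is the one a regression test for this issue would assert: every action allowed on "Foo", none on "Bar" or on a description in another repository.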