Updates:
Status: QA-Feedback
Comment #3 on issue 2403 by [email protected]: User with restricted
permissions to a repository can view and edit information objects belonging
to other repositories
http://code.google.com/p/qubit-toolkit/issues/detail?id=2403
1) Create user and assign to group (e.g., contributor group)
2) Click Create
3) View user profile and select Information object permissions
4) Click Edit
5) View Edit Information object permissions - inherit is selected, but
change this to deny
6) Click on hyperlink "Permissions by Repository" and grant permissions to
User but limit to one repository (e.g., Sudbury Archives)
7) Click Save
8) Log out
9) Log in as User
Resulting error:
User can see all information objects in all repositories. I also tested
this by creating a User and NOT assigning to them a group, but restricting
them to a repository. There were also able to view all information objects
in all repositories.
Expected results:
User can only see information objects for their repository.
--
You received this message because you are subscribed to the Google Groups "Qubit
Toolkit Issues" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/qubit-issues?hl=en.
