Bug #16538

workbench 2 should not allow sharing "write" or "manage" to all users group

Added by Peter Amstutz over 1 year ago. Updated about 1 year ago.

Status: Rejected
Priority: Normal
Assigned To: -
Category: Workbench2
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Story points: -

Related issues

Related to Arvados - Story #15372: Revise group permissions to separate them from permissions on managed objects (New)

History

#1 Updated by Peter Amstutz over 1 year ago

  • Category set to API

#2 Updated by Tom Clegg over 1 year ago

  • Assigned To set to Tom Clegg

#3 Updated by Tom Clegg over 1 year ago

  • Status changed from New to In Progress

#4 Updated by Tom Clegg over 1 year ago

One known example where the current user's UUID is missing from writable_by:
  • user A creates a collection and shares (read+write) with the "all users" role group
  • user B gets the collection
  • user B's uuid is missing from writable_by

This is correct because the collection is not, in fact, writable by user B. The "all users" role membership (added by user setup) is read-only.

#5 Updated by Tom Clegg over 1 year ago

Since this seems to be the only known case, it seems the real bug is that "share R+W with All Users" just doesn't do what it sounds like, because the "All Users" role is a special role that intentionally behaves differently from other roles (multi-tenant means users can't necessarily see one another merely because they have been set up).

The solution may be to prevent Workbench from offering to share with the special All Users role beyond read-only.
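
Added example, not part of the ticket and not Arvados or Workbench code: a simplified model of the behaviour described in comments #4 and #5, assuming a path through a group is capped by its weakest link. All identifiers (`user-a`, `all-users-group`, `team-x`, the collection names) are constructed placeholders.

```python
# Simplified model (assumption): permission reached through a group is the
# weaker of the links along the path. Not the Arvados implementation.
LEVELS = {"can_read": 1, "can_write": 2, "can_manage": 3}
NAMES = {v: k for k, v in LEVELS.items()}

ALL_USERS = "all-users-group"  # placeholder id, not a real UUID

# Constructed sample links: (tail, head, level) grants tail `level` on head.
LINKS = [
    ("user-a", "collection-1", "can_manage"),   # creator's own access
    ("user-a", ALL_USERS, "can_read"),          # read-only membership from user setup
    ("user-b", ALL_USERS, "can_read"),
    (ALL_USERS, "collection-1", "can_write"),   # "share R+W with All Users"
    ("user-b", "team-x", "can_manage"),         # ordinary role group, for contrast
    ("team-x", "collection-2", "can_write"),
]

def effective_level(user, target, links=LINKS):
    """Strongest level over all paths; each path is capped by its weakest link."""
    best = {user: LEVELS["can_manage"]}  # node -> best level reached so far
    frontier = [user]
    while frontier:
        node = frontier.pop()
        for tail, head, level in links:
            if tail != node:
                continue
            reached = min(best[node], LEVELS[level])
            if reached > best.get(head, 0):
                best[head] = reached
                frontier.append(head)
    return NAMES.get(best.get(target, 0))  # None when there is no path

def writable_by(target, users, links=LINKS):
    """Users whose effective level on target is can_write or higher."""
    return sorted(u for u in users
                  if LEVELS.get(effective_level(u, target, links), 0) >= LEVELS["can_write"])

def misleading_all_users_shares(links=LINKS):
    """Audit check: links that offer more than read to the all-users group."""
    return [(head, level) for tail, head, level in links
            if tail == ALL_USERS and LEVELS[level] > LEVELS["can_read"]]

if __name__ == "__main__":
    print(effective_level("user-b", "collection-1"))         # capped at read
    print(writable_by("collection-1", ["user-a", "user-b"]))
    print(misleading_all_users_shares())
```

The audit function lists the shares that look like write access in the UI but cannot be exercised by members, which is the mismatch comment #5 identifies.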

#6 Updated by Tom Clegg over 1 year ago

  • Related to Story #15372: Revise group permissions to separate them from permissions on managed objects added

#7 Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2020-07-01 Sprint to 2020-07-15

#8 Updated by Tom Clegg over 1 year ago

  • Target version changed from 2020-07-15 to 2020-08-12 Sprint

#9 Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2020-08-12 Sprint to 2020-08-26 Sprint

#10 Updated by Tom Clegg about 1 year ago

  • Target version changed from 2020-08-26 Sprint to 2020-09-09 Sprint

#11 Updated by Peter Amstutz about 1 year ago

  • Subject changed from current user appears in writable_by if user can actually write to the project to workbench should not allow sharing "write" or "manage" to all users group

#12 Updated by Peter Amstutz about 1 year ago

  • Category changed from API to Workbench2
  • Subject changed from workbench should not allow sharing "write" or "manage" to all users group to workbench 2 should not allow sharing "write" or "manage" to all users group

#13 Updated by Tom Clegg about 1 year ago

  • Assigned To deleted (Tom Clegg)
  • Status changed from In Progress to New

#14 Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2020-09-09 Sprint to 2020-09-23 Sprint

#15 Updated by Peter Amstutz about 1 year ago

  • Status changed from New to Rejected

#16 Updated by Peter Amstutz about 1 year ago

  • Target version deleted (2020-09-23 Sprint)
