Bug #16538

workbench 2 should not allow sharing "write" or "manage" to all users group

Added by Peter Amstutz 3 months ago. Updated 12 days ago.

Status: Rejected
Priority: Normal
Assigned To: -
Category: Workbench2
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Story points: -

Related issues

Related to Arvados - Story #15372: Revise group permissions to separate them from permissions on managed objects (New)

History

#1 Updated by Peter Amstutz 3 months ago

  • Category set to API

#2 Updated by Tom Clegg 3 months ago

  • Assigned To set to Tom Clegg

#3 Updated by Tom Clegg 3 months ago

  • Status changed from New to In Progress

#4 Updated by Tom Clegg 3 months ago

One known example where the current user's UUID is missing from writable_by:
  • user A creates a collection and shares (read+write) with the "all users" role group
  • user B gets the collection
  • user B's uuid is missing from writable_by

This is correct because the collection is not, in fact, writable by user B. The "all users" role membership (added by user setup) is read-only.

#5 Updated by Tom Clegg 3 months ago

Since this seems to be the only known case, it seems the real bug is that "share R+W with All Users" just doesn't do what it sounds like, because the "All Users" role is a special role that intentionally behaves differently from other roles (multi-tenant means users can't necessarily see one another merely because they have been set up).

The solution may be to prevent Workbench from offering to share with the special All Users role beyond read-only.
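
The permission chain from comments #4 and #5, as an added example that is not part of the original thread or of Arvados itself: a toy model in which a path grants only its weakest link's level, which is the assumption that leaves user B read-only. The object names, the link tuples and the `offerable_levels` helper are hypothetical.

```python
# Added illustration: a toy model of transitive permissions, not Arvados code.
LEVELS = {"none": 0, "can_read": 1, "can_write": 2, "can_manage": 3}
NAMES = {rank: name for name, rank in LEVELS.items()}

# Constructed sample data: (tail, head, level) means "tail has level on head".
LINKS = [
    ("user_a", "all_users", "can_read"),       # membership added by user setup
    ("user_b", "all_users", "can_read"),       # membership added by user setup
    ("user_a", "collection", "can_manage"),    # user A created the collection
    ("all_users", "collection", "can_write"),  # the "share R+W with All Users" link
]

def effective_permission(links, start, target):
    """Strongest level start holds on target; a path is capped by its weakest link."""
    best = {start: LEVELS["can_manage"]}
    pending = [start]
    while pending:
        node = pending.pop()
        for tail, head, level in links:
            if tail != node:
                continue
            reach = min(best[node], LEVELS[level])
            if reach > best.get(head, 0):
                best[head] = reach
                pending.append(head)
    return NAMES[best.get(target, 0)]

def writable_by(links, users, target):
    """Users whose effective permission on target is can_write or higher."""
    return [u for u in users
            if LEVELS[effective_permission(links, u, target)] >= LEVELS["can_write"]]

def offerable_levels(links, group):
    """Levels a sharing dialog can offer for group without promising more than
    any member can receive: capped by the strongest membership link into it."""
    cap = max((LEVELS[lvl] for _, head, lvl in links if head == group), default=0)
    return [name for name, rank in LEVELS.items() if 0 < rank <= cap]

if __name__ == "__main__":
    for user in ("user_a", "user_b"):
        print(user, effective_permission(LINKS, user, "collection"))
    print("writable_by:", writable_by(LINKS, ["user_a", "user_b"], "collection"))
    print("offer for all_users:", offerable_levels(LINKS, "all_users"))
```
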

#6 Updated by Tom Clegg 3 months ago

  • Related to Story #15372: Revise group permissions to separate them from permissions on managed objects added

#7 Updated by Peter Amstutz 3 months ago

  • Target version changed from 2020-07-01 Sprint to 2020-07-15

#8 Updated by Tom Clegg 2 months ago

  • Target version changed from 2020-07-15 to 2020-08-12 Sprint

#9 Updated by Peter Amstutz about 1 month ago

  • Target version changed from 2020-08-12 Sprint to 2020-08-26 Sprint

#10 Updated by Tom Clegg 26 days ago

  • Target version changed from 2020-08-26 Sprint to 2020-09-09 Sprint

#11 Updated by Peter Amstutz 26 days ago

  • Subject changed from current user appears in writable_by if user can actually write to the project to workbench should not allow sharing "write" or "manage" to all users group

#12 Updated by Peter Amstutz 26 days ago

  • Category changed from API to Workbench2
  • Subject changed from workbench should not allow sharing "write" or "manage" to all users group to workbench 2 should not allow sharing "write" or "manage" to all users group

#13 Updated by Tom Clegg 26 days ago

  • Assigned To deleted (Tom Clegg)
  • Status changed from In Progress to New

#14 Updated by Peter Amstutz 26 days ago

  • Target version changed from 2020-09-09 Sprint to 2020-09-23 Sprint

#15 Updated by Peter Amstutz 12 days ago

  • Status changed from New to Rejected

#16 Updated by Peter Amstutz 12 days ago

  • Target version deleted (2020-09-23 Sprint)
