Project

General

Profile

Actions
Copy link

Bug #16538

closed

workbench 2 should not allow sharing "write" or "manage" to all users group

Added by Peter Amstutz almost 5 years ago. Updated over 4 years ago.

Status:
Rejected
Priority:
Normal
Assigned To:
-
Category:
Workbench2
Target version:
-
Story points:
-

Related issues 1 (1 open0 closed)

Related to Arvados - Idea #15372: Revise group permissions to separate them from permissions on managed objectsNewActions
Actions
Copy link
 #1

Updated by Peter Amstutz almost 5 years ago

  • Category set to API
Actions
Copy link
 #2

Updated by Tom Clegg almost 5 years ago

  • Assigned To set to Tom Clegg
Actions
Copy link
 #3

Updated by Tom Clegg almost 5 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #4

Updated by Tom Clegg almost 5 years ago

One known example where the current user's UUID is missing from writable_by:
  • user A creates a collection and shares (read+write) with the "all users" role group
  • user B gets the collection
  • user B's uuid is missing from writable_by

This is correct because the collection is not, in fact, writable by user B. The "all users" role membership (added by user setup) is read-only.

Actions
Copy link
 #5

Updated by Tom Clegg almost 5 years ago

Since this seems to be the only known case, it seems the real bug is that "share R+W with All Users" just doesn't do what it sounds like, because the "All Users" role is a special role that intentionally behaves differently from other roles (multi-tenant means users can't necessarily see one another merely because they have been setup).

The solution may be to prevent Workbench from offering to share with the special All Users role beyond read-only.

Actions
Copy link
 #6

Updated by Tom Clegg almost 5 years ago

  • Related to Idea #15372: Revise group permissions to separate them from permissions on managed objects added
Actions
Copy link
 #7

Updated by Peter Amstutz almost 5 years ago

  • Target version changed from 2020-07-01 Sprint to 2020-07-15
Actions
Copy link
 #8

Updated by Tom Clegg over 4 years ago

  • Target version changed from 2020-07-15 to 2020-08-12 Sprint
Actions
Copy link
 #9

Updated by Peter Amstutz over 4 years ago

  • Target version changed from 2020-08-12 Sprint to 2020-08-26 Sprint
Actions
Copy link
 #10

Updated by Tom Clegg over 4 years ago

  • Target version changed from 2020-08-26 Sprint to 2020-09-09 Sprint
Actions
Copy link
 #11

Updated by Peter Amstutz over 4 years ago

  • Subject changed from current user appears in writable_by if user can actually write to the project to workbench should not allow sharing "write" or "manage" to all users group
Actions
Copy link
 #12

Updated by Peter Amstutz over 4 years ago

  • Category changed from API to Workbench2
  • Subject changed from workbench should not allow sharing "write" or "manage" to all users group to workbench 2 should not allow sharing "write" or "manage" to all users group
Actions
Copy link
 #13

Updated by Tom Clegg over 4 years ago

  • Assigned To deleted (Tom Clegg)
  • Status changed from In Progress to New
Actions
Copy link
 #14

Updated by Peter Amstutz over 4 years ago

  • Target version changed from 2020-09-09 Sprint to 2020-09-23 Sprint
Actions
Copy link
 #15

Updated by Peter Amstutz over 4 years ago

  • Status changed from New to Rejected
Actions
Copy link
 #16

Updated by Peter Amstutz over 4 years ago

  • Target version deleted (2020-09-23 Sprint)
Actions
Copy link

Also available in: Atom PDF