Bug #16969

User with can_manage access can drop own permissions by making "private"

Added by Peter Amstutz 12 months ago. Updated 10 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Workbench2
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-
Release relationship:
Auto

Description

[login federation] [experiment run from satellite cluster] [WB2]

Steps to reproduce:

  • give another user can-manage on a project
  • log in as the other user
  • go to sharing dialog for the project
  • change the sharing to "Only you can access / Private"

At this point the other user gets kicked out from viewing the project immediately. This is confusing UX. The "only you" means the user who owns the collection, not the 'other user' who has can-manage permissions on it.

TODO: rephrase to avoid confusion, or make it impossible for non-owners to change the sharing level (public/shared/private) on projects.
TODO: check if the same issue exists with collections, and if so, also fix that.

History

#1 Updated by Peter Amstutz 12 months ago

  • Description updated (diff)

#2 Updated by Peter Amstutz 12 months ago

  • Category set to Workbench2

Also available in: Atom PDF