Bug #19307
open
Directly shared collection with write permission cannot be modified
Description
If user A shares a collection with user B giving B write permissions to it, when B accesses the collection, the "broken pencil" icon appears beside the collection's name, and the UI only allows reading operations.
This doesn't happen when a collection is shared via its parent group being shared with write permissions.
Further testing results¶
This is not an issue specific to Workbench2, but a shared problem between the 2 workbenches: they don't seem to care about links set directly to a collection, and I may have found a related permission issue from the API:
- Collection C inside Project P. P is shared
can_writewith user B, but C is shared withcan_readwith this same user. The result: User B can edit collection C. This doesn't seem right. - Collection C from user A's home project is shared with
can_writewith user B: both workbenches show C as read-only, but user B can edit the collection using the CLI tools.
I believe more discussion is needed to properly decide which fixes we're going to apply. If we are going to make Workbench2 misbehave the same way as Workbench1, then the "fix" would be to remove the "Share" option on collections. This may be a 1 or 2 point story.
If properly fixing the issue requires revising RailsAPI's permission or other parts so that it adds a writable_by field to collections, that will probably be a bigger story.
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-08-17 sprint to 2022-08-03 Sprint
- Assigned To set to Stephen Smith
Updated by Peter Amstutz over 1 year ago
Need to check on this after the frozen projects branch is merged.
Updated by Peter Amstutz over 1 year ago
- Assigned To changed from Stephen Smith to Daniel Kutyła
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-08-03 Sprint to 2022-08-17 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-08-17 sprint to 2022-08-31 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-08-31 sprint to 2022-09-14 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-09-14 sprint to 2022-09-28 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-10-26 sprint to 2022-11-09 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-11-09 sprint to 2022-11-23 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-11-23 sprint to 2022-12-07 Sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-12-07 Sprint to 2022-12-21 Sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2022-12-21 Sprint to 2023-01-18 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2023-01-18 sprint to 2023-02-01 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2023-02-01 sprint to 2023-02-15 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2023-02-15 sprint to 2023-03-01 sprint
Updated by Peter Amstutz over 1 year ago
- Target version changed from 2023-03-01 sprint to Future
Updated by Lucas Di Pentima about 1 year ago
- Status changed from New to Feedback
- Description updated (diff)
Updated by Lucas Di Pentima about 1 year ago
From grooming meeting: The permission behavior observed here is correct, and Workbench should warn the user that permissions from the collection's parent project might take precendence over the individual collection's permissions.
Updated by Lucas Di Pentima about 1 year ago
- Assigned To deleted (
Lucas Di Pentima) - Status changed from Feedback to New