Bug #19307
open
Directly shared collection with write permission cannot be modified
Added by Lucas Di Pentima over 1 year ago.
Updated about 1 year ago.
Description
If user A shares a collection with user B giving B write permissions to it, when B accesses the collection, the "broken pencil" icon appears beside the collection's name, and the UI only allows reading operations.
This doesn't happen when a collection is shared via its parent group being shared with write permissions.
Further testing results¶
This is not an issue specific to Workbench2, but a shared problem between the 2 workbenches: they don't seem to care about links set directly to a collection, and I may have found a related permission issue from the API:
- Collection C inside Project P. P is shared
can_write with user B, but C is shared with can_read with this same user. The result: User B can edit collection C. This doesn't seem right.
- Collection C from user A's home project is shared with
can_write with user B: both workbenches show C as read-only, but user B can edit the collection using the CLI tools.
I believe more discussion is needed to properly decide which fixes we're going to apply. If we are going to make Workbench2 misbehave the same way as Workbench1, then the "fix" would be to remove the "Share" option on collections. This may be a 1 or 2 point story.
If properly fixing the issue requires revising RailsAPI's permission or other parts so that it adds a writable_by field to collections, that will probably be a bigger story.
- Target version changed from 2022-08-17 sprint to 2022-08-03 Sprint
- Assigned To set to Stephen Smith
Need to check on this after the frozen projects branch is merged.
- Assigned To changed from Stephen Smith to Daniel Kutyła
- Target version changed from 2022-08-03 Sprint to 2022-08-17 sprint
- Target version changed from 2022-08-17 sprint to 2022-08-31 sprint
- Target version changed from 2022-08-31 sprint to 2022-09-14 sprint
- Target version changed from 2022-09-14 sprint to 2022-09-28 sprint
- Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
- Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
- Target version changed from 2022-10-26 sprint to 2022-11-09 sprint
- Target version changed from 2022-11-09 sprint to 2022-11-23 sprint
- Target version changed from 2022-11-23 sprint to 2022-12-07 Sprint
- Target version changed from 2022-12-07 Sprint to 2022-12-21 Sprint
- Target version changed from 2022-12-21 Sprint to 2023-01-18 sprint
- Target version changed from 2023-01-18 sprint to 2023-02-01 sprint
- Target version changed from 2023-02-01 sprint to 2023-02-15 sprint
- Target version changed from 2023-02-15 sprint to 2023-03-01 sprint
- Target version changed from 2023-03-01 sprint to Future
- Assigned To deleted (
Daniel Kutyła)
- Assigned To set to Lucas Di Pentima
- Status changed from New to Feedback
- Description updated (diff)
From grooming meeting: The permission behavior observed here is correct, and Workbench should warn the user that permissions from the collection's parent project might take precendence over the individual collection's permissions.
- Assigned To deleted (
Lucas Di Pentima)
- Status changed from Feedback to New
Also available in: Atom
PDF
Updated by 
Updated by