Bug #19145
Updated by Peter Amstutz almost 2 years ago
<pre>
$ arv group get -u x2os0-j7d0g-kmzrv7g9ipvd7ew
{
"created_at":"2022-05-19T20:33:43.216878000Z",
"delete_at":null,
"description":null,
"etag":"5wt0uo29idrljv9zlqu18ee6",
"frozen_by_uuid":"x2os0-tpzed-c5ey1sy2t4fs91o",
"group_class":"project",
"href":"/groups/x2os0-j7d0g-kmzrv7g9ipvd7ew",
"is_trashed":false,
"kind":"arvados#group",
"modified_at":"2022-05-19T20:34:32.624241000Z",
"modified_by_client_uuid":"x2os0-ozdt8-e7r1bldvd7bps9p",
"modified_by_user_uuid":"x2os0-tpzed-c5ey1sy2t4fs91o",
"name":"will freeze",
"owner_uuid":"x2os0-tpzed-c5ey1sy2t4fs91o",
"properties":{},
"trash_at":null,
"uuid":"x2os0-j7d0g-kmzrv7g9ipvd7ew",
"writable_by":[
"x2os0-tpzed-c5ey1sy2t4fs91o",
"x2os0-tpzed-c5ey1sy2t4fs91o"
]
}
</pre>
Not only does it include my user uuid in writable_by say it is writable when "frozen_by_uuid" is non-empty, it is actually writable (it is letting me change stuff in the project).
This is with an admin user. Admin users are not supposed to be able to change frozen projects, only un-freeze them.
Also, as admin, freezing a project bypasses all the QC checks (like "must have a description" and "must have certain properties"). I don't know if we want that.
The good news is, as a regular user, the description/property checks are working as expected, and it is preventing me from modifying things in the project.