Project

General

Profile

Bug #19307

Updated by Lucas Di Pentima about 1 year ago

If user A shares a collection with user B giving B write permissions to it, when B accesses the collection, the "broken pencil" icon appears beside the collection's name, and the UI only allows reading operations. 
 This doesn't happen when a collection is shared via its parent group being shared with write permissions. 

 h4. Further testing results 

 This is not an issue specific to Workbench2, but a shared problem between the 2 workbenches: they don't seem to care about links set directly to a collection, and I may have found a related permission issue from the API: 

 * Collection C inside Project P. P is shared @can_write@ with user B, but C is shared with @can_read@ with this same user. The result: User B can edit collection C. This doesn't seem right. 
 * Collection C from user A's home project is shared with @can_write@ with user B: both workbenches show C as read-only, but user B can edit the collection using the CLI tools. 

 I believe more discussion is needed to properly decide which fixes we're going to apply. If we are going to make Workbench2 misbehave the same way as Workbench1, then the "fix" would be to remove the "Share" option on collections. This may be a 1 or 2 point story. 
 If properly fixing the issue requires revising RailsAPI's permission or other parts so that it adds a @writable_by@ field to collections, that will probably be a bigger story.

Back