Skip to first unread message
Raphael Unterweger
Nov 25, 2019, 6:46:08 AM11/25/19
to AtoM Users
Hello AtoM Users & Devs,
I have a weird rights problem, or maybe I'm just not getting it ... idk. When I create a role/group with full access to all archival descriptions, every user with that role can access and maniupulate all archival descriptions and also can see the carousel, so far so fine, but when I remove sad role from that user and only give him full access to a single archival description, he can access and manipulate that archival description, but can not see the carousel in that archival description. The admin also always sees the carousel. The carousel consist of digital objects drafts. Is that intended? Am I missing something?
Thanks in advance
Greets
Raphael
Dan Gillean
Nov 25, 2019, 11:51:15 AM11/25/19
to ICA-AtoM Users
Hi Raphael,
The first thing I would suggest is to check the View Draft permissions for your user. If the user does not have permission to view draft records, then lower level descriptions with attached digital objects in Draft mode will not be visible. This is likely why your user cannot see the carousel.
There are also permissions for the derivatives, so if the user doesn't have view permissions for thumbnails, that might also prevent access to the descriptions previewed in the carousel.
Cheers,
--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/7751ac4e-38dd-45d5-8cd1-505a5fb887fc%40googlegroups.com.
Raphael Unterweger
Aug 6, 2020, 3:43:07 AM8/6/20
to AtoM Users
Dear Dan,
sorry for the quite late answer, but it is a minor problem and I haven't had the time for it, until now =) First of all, just to clarify, that said user has all permissions to all archival descriptions of one archival institution and drafts are still not showing up in the the imageflows (we are on AtoM 2.6 now). I tracked down this "problem" to the acl-plugin. There's a class called QubitAcl.class.php with a function called addFilterDraftsCriteria($criteria), which adds, who would have thought, criterias to filter out thumbs for the imageflow.
There is following citeria which filters out the drafts for said user, but I'm not into Qubit and I don't understand what that criteria is for. Can you tell me what that criteria is for?
$ct2 = $criteria->getNewCriterion(QubitStatus::STATUS_ID, QubitTerm::PUBLICATION_STATUS_PUBLISHED_ID);
We are using individual permissions only, so no groups/roles. What would happen if I remove that criteria?
greets
Raphael
Dan Gillean
Aug 7, 2020, 3:51:21 PM8/7/20
to ICA-AtoM Users
Hi Raphael,
From what I understand, this code filters draft records based on user permissions. Commenting it out would likely mean that drafts would be visible regardless of your user permissions. It may also cause errors, as it appears to be a variable that is used elsewhere.
I did notice one of our developers filing a bug today that sounds related to what you've described. See:
It's not exactly the same issue, but it may be related.
Unfortunately, there are also a number of known issues with user permissions. I suspect that there may be an issue here with inheriting the view draft permissions to lower-level descriptions. I haven't had a chance to test this myself, but one of our developers says he tried and was unable to reproduce. That said, without knowing exactly how you've created your group, it's possible we just haven't properly reproduced the necessary steps. When I have some time, I will try to reproduce this issue myself.
In the meantime, I will say that it's become quite difficult to fix individual bugs in the permissions module, because the entire module is very old, and needs to be fully replaced. Many of the issues stem from the inheritance model used in the permissions, meaning problems upstream can be carried downstream, and it can be difficult to debug without starting in an entire rewrite - something Artefactual can't undertake without community support. So far we have not found any sponsors willing to undertake this work.
I'll let you know if I learn more.
Regards,
he / him
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/6de86bbc-2b5f-49dd-b2d3-7a434ac347e7n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages