You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a resource map, EML, and data object but only give yourself read and write permission on these objects, and make someone else the rightsHolder
Send a request to updateSystemMetadata() for one of these objects, with only the fileName value changed.
Notice a 401 error is returned that says you do not have CHANGE_PERMISSION permission.
Proposed changes
I think we should allow updates to the rest of the system metadata, particularly the fileName and formatId, to anyone that has write permission. I am guessing we have chosen to deny all system metadata updates to users without changePermission for simplicity, but now that we are adding access policy editors and file name editors to MetacatUI, this issue is going to pop up a lot.
MetacatUI will have to start restricting renaming to only those with changePermission, which seems overkill. OR, it will have to perform an entire object update() just to rename the file (which is actually a loophole in which the user could change the access policy anyway... see #1450)
The text was updated successfully, but these errors were encountered:
…d doesn't change access control rules in the system metadata.
If the access control rules were modified, users should have the change permission.
Ref:#1475
Step to reproduce:
read
andwrite
permission on these objects, and make someone else therightsHolder
updateSystemMetadata()
for one of these objects, with only thefileName
value changed.Proposed changes
I think we should allow updates to the rest of the system metadata, particularly the
fileName
andformatId
, to anyone that haswrite
permission. I am guessing we have chosen to deny all system metadata updates to users withoutchangePermission
for simplicity, but now that we are adding access policy editors and file name editors to MetacatUI, this issue is going to pop up a lot.MetacatUI will have to start restricting renaming to only those with changePermission, which seems overkill. OR, it will have to perform an entire object
update()
just to rename the file (which is actually a loophole in which the user could change the access policy anyway... see #1450)The text was updated successfully, but these errors were encountered: