Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User with only depositor role cannot deposit into admin set #864

Closed
2 tasks done
Tracked by #903
jillpe opened this issue Oct 16, 2023 · 4 comments
Closed
2 tasks done
Tracked by #903

User with only depositor role cannot deposit into admin set #864

jillpe opened this issue Oct 16, 2023 · 4 comments
Assignees
@ShanaLMoore @kirkkwang @bkiahstroud
Labels
bug Something isn't working October Sprint

Comments

@jillpe
Copy link

jillpe commented Oct 16, 2023
edited by ShanaLMoore
Loading

Summary

I think I've found another bug related to groups and sharing, but want to make sure that I understand the intended functionality first. A user added a depositor to an admin set should be able to deposit works through that set even if they don't have any other roles, right? (Because the user depositor role already allows a user to deposit into any admin set.) That isn't working in our instance, for individuals or groups.

Accepted Criteria

  • As a user that has been added as a depositor to an admin set, I can deposit works through that set (even if I don't have any other roles)
  • As a user in a group that has been added as a depositor to an admin set, I can deposit works through that set (even if I don't have any other roles)

Testing Instructions

Giving a user deposit access

  1. Login to a tenant as an admin
  2. Navigate to Dashboard > Collections
  3. Create an Admin Set
  4. On the Admin Set edit form, under the participants tab, add a user who has no special roles (including admin) as a depositor
  5. Login to the tenant as that user
  6. Navigate to Dashboard > Works
  7. Verify that you see the Add New Work button and can create a work

Giving a group deposit access

  1. Login to a tenant as an admin
  2. Navigate to Dashboard > Manage Groups
  3. Create a new group. Do not give it any roles
  4. Add a user with no roles as a member of the group (do not use the same user from the instructions above unless you removed its deposit access)
  5. Navigate to Dashboard > Collections
  6. Create an Admin Set
  7. On the Admin Set edit form, under the participants tab, add the group as a depositor
  8. Login to the tenant as the user from Step 4
  9. Navigate to Dashboard > Works
  10. Verify that you see the Add New Work button and can create a work
@ShanaLMoore ShanaLMoore self-assigned this Oct 16, 2023
@ShanaLMoore ShanaLMoore added the bug Something isn't working label Oct 18, 2023
@bkiahstroud
Copy link
Contributor

Investigation Notes

Users being able to create a work depends on two conditions being true:

  1. The user has CanCan permission to create the work type (e.g. can?(:create, GenericWork))
  2. The user has at least one Admin Set they can deposit into

Currently, when a user is granted deposit access to an Admin Set, only the second condition is met. The CanCan permission for registered users (i.e. non-admin users with no roles) to be able to :create works was removed when the Groups with Roles feature was introduced; the reasoning being "restricting base permissions makes sense now that we can more easily hand out permissions".

However, a registered user given deposit access to a specific admin set should be able to deposit works into it, even without any additional roles. Thus, this logic needs to be rethought.

Possible Fixes

The most obvious possible path forward would be to restore CanCan permissions to be able to :create works to all registered users. That way, Condition 1 is always true and we simply rely on Condition 2 to be met in order for users to be able to actually create works. This is worth looking into, but we need to be careful that granting this CanCan permission does not lead to undesired behavior elsewhere in the app.

@ShanaLMoore
Copy link
Contributor

https://github.com/samvera/hyrax/blob/368fe3cbc909438f7ebea0e1e04c6a46c8527134/.dassie/app/models/ability.rb#L5

kirkkwang added a commit that referenced this issue Oct 18, 2023
@kirkkwang
🐛 Fix user despositing to specific admin sets
c629629 
This commit will add back the ability for everyone to be able to create
a work.  This is one of the conditionals that need to be met for a user
to deposit a work to an admin set.  The other is already being met,
which is that the user has to have either a depositor role for that
specific admin set or in a group that has a depositor role for that
specific admin set.

Ref:
  - #864
@kirkkwang kirkkwang mentioned this issue Oct 18, 2023
Merged
@ShanaLMoore
Copy link
Contributor

ShanaLMoore commented Oct 19, 2023
edited
Loading

QA Results: PASS ✅

Tested on: softserv-qa.commons-archive.org, user with no roles: [email protected]

image

  • As a user that has been added as a depositor to an admin set, I can deposit works through that set (even if I don't have any other roles)

DEMO: https://share.zight.com/llu8o709

  • As a user in a group that has been added as a depositor to an admin set, I can deposit works through that set (even if I don't have any other roles)

DEMO: https://share.zight.com/X6unlK5v

@ShanaLMoore ShanaLMoore moved this to PALs QA in palni-palci Oct 19, 2023
@ShanaLMoore ShanaLMoore moved this from PALs QA to Deploy to Production in palni-palci Oct 19, 2023
@ShanaLMoore
Copy link
Contributor

image

Moving to prod deploy column and I've added this to the client's board too

@ShanaLMoore ShanaLMoore moved this from Deploy to Production to Client Verification in palni-palci Oct 19, 2023
kirkkwang added a commit that referenced this issue Oct 20, 2023
@kirkkwang
🐛 Rework ability logic for depositor
40270a4 
Even though a user could not see the Add New Work or Collection button,
they were still able to navigate to it via the routes.  This commit will
rework the ability logic for depositor so that won't happen.

Ref:
  - #864
@kirkkwang kirkkwang mentioned this issue Oct 20, 2023
Merged
ShanaLMoore pushed a commit to samvera/hyku that referenced this issue Oct 23, 2023
🐛 Depositor role cannot deposit into admin set fix
37a133c 
We implemented a fix for this bug in PALS and are contributing it back to Hyku.

Issue:
- notch8/palni-palci#864
@ShanaLMoore ShanaLMoore mentioned this issue Oct 23, 2023
Closed
ShanaLMoore pushed a commit to samvera/hyku that referenced this issue Oct 25, 2023
🐛 Depositor role cannot deposit into admin set fix
4154e01 
We implemented a fix for this bug in PALS and are contributing it back to Hyku.

Issue:
- notch8/palni-palci#864
@ShanaLMoore ShanaLMoore mentioned this issue Oct 25, 2023
Merged
@ndroark ndroark moved this from Client Verification to Done in palni-palci Oct 27, 2023
@jillpe jillpe closed this as completed Oct 27, 2023
@ShanaLMoore ShanaLMoore mentioned this issue Nov 3, 2023
Closed
@jillpe jillpe mentioned this issue Nov 8, 2023
Closed
32 tasks
jeremyf pushed a commit to samvera/hyku that referenced this issue Dec 15, 2023
@kirkkwang @jeremyf
🐛 Fix user despositing to specific admin sets
5694605 
This commit will add back the ability for everyone to be able to create
a work.  This is one of the conditionals that need to be met for a user
to deposit a work to an admin set.  The other is already being met,
which is that the user has to have either a depositor role for that
specific admin set or in a group that has a depositor role for that
specific admin set.

Ref:
  - notch8/palni-palci#864
jeremyf pushed a commit to samvera/hyku that referenced this issue Dec 15, 2023
@kirkkwang @jeremyf
🐛 Rework ability logic for depositor
a6ddf32 
Even though a user could not see the Add New Work or Collection button,
they were still able to navigate to it via the routes.  This commit will
rework the ability logic for depositor so that won't happen.

Ref:
  - notch8/palni-palci#864
@jeremyf jeremyf mentioned this issue Dec 15, 2023
Closed
jeremyf pushed a commit to samvera/hyku that referenced this issue Dec 19, 2023
@kirkkwang @jeremyf
🎁 Contributions from PALNI/PALCI
6a1e0c5 
Which were resolved via the following PRs:

- notch8/palni-palci#768
- notch8/palni-palci#786
- notch8/palni-palci#790
- notch8/palni-palci#807
- notch8/palni-palci#850
- notch8/palni-palci#781
- notch8/palni-palci#787
- notch8/palni-palci#795
- notch8/palni-palci#788
- notch8/palni-palci#793
- notch8/palni-palci#782
- notch8/palni-palci#798
- notch8/palni-palci#866
- notch8/palni-palci#846
- notch8/palni-palci#849
- notch8/palni-palci#868
- notch8/palni-palci#875
- notch8/palni-palci#884
- notch8/palni-palci#876
- notch8/palni-palci#952

Contribute back the following features:

- notch8/palni-palci#125
- notch8/palni-palci#740
- notch8/palni-palci#742
- notch8/palni-palci#746
- notch8/palni-palci#772
- notch8/palni-palci#773
- notch8/palni-palci#774
- notch8/palni-palci#776
- notch8/palni-palci#778
- notch8/palni-palci#839
- notch8/palni-palci#840
- notch8/palni-palci#864

Co-authored-by: Shana Moore <[email protected]>
Co-authored-by: Kirk Wang <[email protected]>
@jeremyf jeremyf mentioned this issue Dec 22, 2023
Closed
This was referenced Jan 8, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ShanaLMoore ShanaLMoore

@kirkkwang kirkkwang

@bkiahstroud bkiahstroud

Labels
bug Something isn't working October Sprint
Projects
palni-palci
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ShanaLMoore @kirkkwang @bkiahstroud @jillpe