Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support self editor profile matching by using External Auth ID #3947

Merged
merged 2 commits into from
Apr 17, 2024
Merged

Support self editor profile matching by using External Auth ID #3947

merged 2 commits into from
Apr 17, 2024

Conversation

litvinovg
Copy link
Collaborator

@litvinovg litvinovg commented Feb 29, 2024
edited
Loading

VIVO GitHub issue

  • Other Relevant Links (Mailing list discussion, related pull requests, etc.)
    Vitro PR

What does this pull request do?

Fixes broken profile linking made by using External Auth ID.

What's new?

  • Refactored PolicyHelper and AuthorizationRequest to use UserAccount instead of of IdentifierBundle.
  • Modified SparqlSelectQueryResultsChecker to support queries that contain externalAuthId and matchingPropertyUri
  • Modified existing policies to find related profiles by using External Auth ID

How should this be tested?

  • Reproduce the problem described in the issue
  • Apply Vitro PR and this PR, build VIVO
  • Create a self editor user account and 2 profiles, link user account with one of created profiles by using External Auth ID
  • In both profiles add/create one new publication.
  • Log in as a self edtor, check that user can edit his own profile and can't edit not related profile
  • As a self editor check that publication related to owned profile is editable and publication not related to the profile is not editable
  • As a root user on Property Editing Form of the property that is used to show publication in the profile click checkbox "Suppress Display for this property in unrelated individuals".
  • As a self editor check that property is still visible in owned profile and not visible in not related profile
  • As a root user on Class Editing Form of the publication class click checkbox "Suppress Display for not related individual pages of class".
  • As a self editor check that related publication profile is still accessible and editable and not related publication profile is not accessible (redirects to home page)

Interested parties

@VIVO-project/vivo-committers

@litvinovg litvinovg mentioned this pull request Feb 29, 2024
Merged
@chenejac chenejac self-requested a review March 12, 2024 10:19
chenejac
chenejac requested changes Mar 12, 2024
View reviewed changes
Copy link
Contributor

@chenejac chenejac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@litvinovg please check my comment.

home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 Outdated Show resolved Hide resolved
home/src/main/resources/rdf/accessControl/firsttime/profile_proximity_query.n3 Outdated Show resolved Hide resolved
@litvinovg litvinovg requested a review from chenejac March 12, 2024 14:32
@litvinovg litvinovg mentioned this pull request Mar 15, 2024
Merged
@litvinovg litvinovg linked an issue Apr 3, 2024 that may be closed by this pull request
Profile linking with Matching ID doesn't work #3945
Closed
@chenejac chenejac requested a review from brianjlowe April 11, 2024 14:59
brianjlowe
brianjlowe approved these changes Apr 17, 2024
View reviewed changes
Copy link
Member

@brianjlowe brianjlowe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed bug on main; tested PR using listed procedure. I see that preventing display of the individual at the class level doesn't remove affected individuals from search results, so an unauthorized user is presented with the opportunity to click on something that just redirects to the home page. But I guess that is something for another issue.

@brianjlowe brianjlowe merged commit 7bb3bd6 into vivo-project:main Apr 17, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenejac chenejac chenejac approved these changes

@brianjlowe brianjlowe brianjlowe approved these changes

Assignees
No one assigned
Labels
Blocker bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Profile linking with Matching ID doesn't work
3 participants
@litvinovg @brianjlowe @chenejac