Permissions are wrong for projects #25
Comments
Asked Ivan: "How did you log in? As iborozan or as admin?" Realized, I might even be able to work this out from the logs. If not, I probably should be able to.
And yes, I can replicate this. The samples are listed, but no projects are listed. Displaying any individual sample gets this effect though. Also, there's no UI to allow constraining to specific projects, so the permissions system never really allowed that flexibility in the first place. We should probably start by relaxing all permissions to get viability.
Oh well, this part of CaPSID is a total mess. Old CaPSID used DBRefs, which have been deprecated for years, and which don't work that well. I can't even see how these were ever created. Also, the code appears to use LDAP to query roles, even though the database also stores them. And they are actually used extensively in the code base, so it isn't all that clear how well we can just hack that code out.
Well, with investigation, there seems to be a workaround. Projects can be assigned users, but it's in a weird and hidden part of the interface. Choose the Edit button for a selected project and you can add users. Of course, part of the problem is that samples shouldn't be displayed unless you have project permissions, which is actually the problem here: stuff that isn't supposed to be accessible actually is.
…s the primary scope for now. Should probably handle permissions elsewhere too. #25
Ivan reported this: "I found some issues from the webapp I can not see the project table, also if I click on a sample I get 'Sorry, you're not authorized to view this page'."