search

BiologicalRecordsCentre / ABLE

Assessing ButterfLies in Europe project repository
2 stars 3 forks source link

User downloads should include all records, including confidential #670

Closed DavidRoy closed 6 months ago

DavidRoy commented 7 months ago

Reported for Greece where there are species marked as sensitive #612

Users can't download his/her records of sensitive species now (cvs)-sensitive species are encrypted. Users should have the right to fully access and download all their data, sensitive and non-sensitive species.

@andrewvanbreda can you investigate and liaise with John or Gary as needed?

andrewvanbreda commented 7 months ago

Hi @johnvanbreda,

Are you able to advise how I might best approach getting this issue fixed. I think this must be affecting the My Downloads area of EBMS which uses Elastic for downloading CSV files.

https://butterfly-monitoring.net/mydata/downloads

Presumably we could be limited by what is in the index.

Any thoughts?

andrewvanbreda commented 7 months ago

Hi @DavidRoy,

I am currently at John's house, so I thought it would be a good time to look at this one with him as I can't check the inside workings of Elasticsearch myself.

Our conclusion by looking at the code is this should actually be working. Also, following up that theoretical code check, we did some practical tests and were able to masquerade as two users. We able to see an example sensitive record for one user in the download, and an example confidential record for the other user.

If you need this investigated further, we will need to know the name/ID some records which aren't appearing in the downloads that should be.

Tests conducted using survey 565 (EBMS 15 minute counts)

Sensitive Occurrence ID = 35667816 (Southern Swallowtail) Indicia Warehouse User ID = 301776

and also

Confidential Occurrence ID = 35449093 (Spanish Greenish Black-tip) Indicia Warehouse User ID = 236382

DavidRoy commented 7 months ago

@CrisSevilleja are you able to test this and close if ok?

CrisSevilleja commented 6 months ago

I tested and it works well. I tried with my records where I have Spanish Greenish Black-tip (E. bazae) and I was able to download it, appearing on the downloads. Also, I tried another user from Greece downloading 15min count records and Papilio alexanor was downloaded. Thank you.

@DavidRoy I think this was an issue from Kiki, it would be good to report it to her.