CRITFC / Helpdesk

Parent repository for tribal CDMS documentation and issues

No Permissions, but seeing everything. #58

Open tylerstright opened 2 years ago

tylerstright commented 2 years ago

On my test CDMS, I have two organizations. All datasets and projects belong to Organization 1, and there are none on Org2. All of the projects in Org1 are Hidden from Public in the permissions tab, meaning they should not be visible to anyone who is not an Organization user. I log in as a user in Organization 2 (Org2-User), and I can see all projects and datasets from Org1 - as a reminder, at this point the Org2-User should not have permission to see anything. If I click on any of the projects/datasets, I cannot access even the summary info page, which is correct.

If I go in as admin and change one of the Org1 projects to Public:View, and then log back in as Org2-User, I only see the project/datasets I just gained permission to via Public:View.

Something weird is happening when a user has no permissions.

nowinski commented 2 years ago

Users can see all projects and datasets for all organizations on the project/dataset list pages when these conditions are true:

  1. No project level permissions have been granted to the user AND
  2. No projects within the organization allow organization viewing AND
  3. No projects within the CDMS instance allow public viewing

The bug only occurs when there are no projects available to the user under project level view/hide permission settings. Also, it should be noted that users only see the project and dataset lists. They do not have access to any project information or datasets.

Quick workaround: make sure there is at least ONE public project in your CDMS. Will elevate this issue to CTUIR for coordinated fix.
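The behaviour reported in this thread, modelled as an added example that is not part of the original issue and is not CDMS code. It assumes one common cause of this pattern, an empty allow-list being treated as "no filter"; the thread does not state the actual cause, and all class, field and function names here are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Project:
    id: int
    org: str
    org_view: bool = False     # visible to users of the owning organization
    public_view: bool = False  # "Public:View" in the thread

@dataclass(frozen=True)
class User:
    name: str
    org: str
    granted: frozenset = frozenset()  # ids with project-level permission

def allowed_ids(user, projects):
    """Ids the user may list via any of the three sources named in the thread."""
    return {p.id for p in projects
            if p.id in user.granted                 # project-level permission
            or (p.org_view and p.org == user.org)   # organization viewing
            or p.public_view}                       # public viewing

def list_fail_open(user, projects):
    """Assumed defect: an empty allow-list is read as 'do not filter'."""
    ids = allowed_ids(user, projects)
    if not ids:
        return [p.id for p in projects]
    return [p.id for p in projects if p.id in ids]

def list_fail_closed(user, projects):
    """Hardened form: an empty allow-list yields an empty listing."""
    ids = allowed_ids(user, projects)
    return [p.id for p in projects if p.id in ids]

# Constructed data matching the report: every project belongs to Org1 and is
# hidden from the public; the user belongs to Org2 and has no grants.
ORG1_HIDDEN = [Project(i, "Org1", org_view=True) for i in (1, 2, 3)]
ORG2_USER = User("Org2-User", "Org2")
# The same instance after an admin sets project 2 to Public:View.
ORG1_ONE_PUBLIC = [Project(1, "Org1", org_view=True),
                   Project(2, "Org1", org_view=True, public_view=True),
                   Project(3, "Org1", org_view=True)]

if __name__ == "__main__":
    print("fail-open, nothing allowed:  ", list_fail_open(ORG2_USER, ORG1_HIDDEN))
    print("fail-closed, nothing allowed:", list_fail_closed(ORG2_USER, ORG1_HIDDEN))
    print("fail-open, one public:       ", list_fail_open(ORG2_USER, ORG1_ONE_PUBLIC))
```

The "nothing allowed" case is the one worth keeping as a regression test, since the listing looks correct as soon as any single project becomes visible to the user.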