Groups with Manager = Uploader get automatically download permissions when uploading new datasets

[saxas13]

Expected Behavior

When DEFAULT_ANONYMOUS_VIEW_PERMISSION=False and DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=False no user other than admin/superuser and uploading user are able to view/download fresh uploaded datasets. Present user groups can be added lateron to provide access to the data, but need to be assigned manually.

Actual Behavior

If a user group exists and the uploader is Manager of that group, it gets automatically download permissions for new uploaded datasets.

Steps to Reproduce the Problem

1. Create User Group and add user as Group Manager
2. Upload new Dataset and click on View --> Share
3. The Group is already set with download permissions

Specifications

• GeoNode version: 4.1.3
• Installation type (vanilla, geonode-project): geonode-project
• Installation method (manual, docker): docker
• Platform: Ubuntu 20.04
• Additional details: -

[apwebber]

This explains a long-standing problem I have had. I could not figure out where these permissions were coming from.

[kikislater]

Any luck someone find where the problem comes from. I'm facing same issue

[mattiagiupponi]

This should have been resolved in GeoNode 4.2.5 and 4.3.0, can you please try to upgrade and test?

[kikislater]

This should have been resolved in GeoNode 4.2.5 and 4.3.0, can you please try to upgrade and test?

@mattiagiupponi : It seems to work for me but when advanced workflow is enabled now with :

## ADVANCED WORKFLOW
RESOURCE_PUBLISHING = True
ADMIN_MODERATE_UPLOADS = True

DEFAULT_ANONYMOUS_VIEW_PERMISSION=False
DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=False
AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
AUTO_ASSIGN_REGISTERED_MEMBERS_TO_CONTRIBUTORS=False
GROUP_PRIVATE_RESOURCES=True

Annonymous can view and download dataset whereas it should not