search

archesproject / arches

Arches is a web platform for creating, managing, & visualizing geospatial data. Arches was inspired by the needs of the Cultural Heritage community, particularly the widespread need of organizations to build & manage cultural heritage inventories
GNU Affero General Public License v3.0
219 stars 143 forks source link

Search terms of restricted resources appear in search suggestions #7316

Open Jude-Dicken opened 3 years ago

Jude-Dicken commented 3 years ago

Hello - Our Arches v5.1 at https://isleofmanher.im/ is not matching searches matches in the dropdown (e.g.: your "predictive list") to the user permission level. Example:

Ballanorris Keeill is set for 'No Access' for anonymous user. Okay. Anonymous user searches 'Ballanorris' and the resource 'Ballanorris Keeill' appears in predicative list. User therefore assumes that the resource is available to click and view. Anonymous user clicks 'Ballanorris Keeill' from the predictive list and (disappointingly, confusingly for the user) the result says '0'.

Chrome is browser used for testing. Arches v5.1 Operating System - please query this with our installer and support provider Reuben Osborne (Knowledge Integration): reuben.osborne@k-int.co.uk

Thanks,

Jude Dicken (Miss) Collections Information Manager Manx National Heritage (Isle of Man), jude.dicken@mnh.im

chiatt commented 3 years ago

Just to add-on to the description of this issue... this is due to terms getting indexed that belong to restricted instances. The terms are not filtered by user instance permissions so they appear as search suggestions in the term search input.

chiatt commented 2 years ago

This issue also applies to cases when all of the nodegroups of a resource model are restricted as described here: https://github.com/archesproject/arches/issues/2491 A solution to this issue should apply to nodegroup permissions as well as resource instance permissions.