On the "Learn More About this Organization/Group" links, "Members" information should only be available to Admins (#942, #937)

[SteveChapmanBCDX]

The "Members" information on this popup should only be available to admins.

This needs to be changes for Groups as well.

[BrandonSharratt]

See also https://github.com/bcgov/ckanext-bcgov/pull/855

[ghost]

I can see Members on Organization records for Organizations for which I am not an Admin. However, I wonder if it is an issue with my Production access, which is confusing to say the least.

sheivand - Editor (previously an Admin, but no longer - @annikaLiving , please confirm) shevande - Admin

@SteveChapmanBCDX, @TerryLanktree - I am able to see the Members of Organizations as both an Admin ad Editor, regardless of the organization, Editor/Admin or not.

I think the requirement implementation should be that both Editors and Admins should only be able to see Members of the Organizations of which they are Editors and Admins.

• If I am logged in as an IDIR user with an Editor role for one Organization (DataBC Program), I should only be able to see the members of that organization, no other Organization.
• If I am logged in as an IDIR user with Admin role for all Organizations, I should be able to see Members section of Organization popup page for all Organizations
• If I am a logged in as an IDIR user with no role, I should not be able to see the Member section on any Organization popup page. This should also hold true for any users who may log in to download resources using a BCeID.

Please confirm your thoughts. If you are in agreement, then this needs to go back to sprint backlog.

cc. @annikaLiving, @BrandonSharratt

[ghost]

@TerryLanktree , you will have to get Jenn Potter to test the last bullet - logged in IDIR user with no role and should not be able to see the Member section of the Learn more about the organization popup.

[ghost]

@TerryLanktree - testing results:

• Logged in as Admin of two organizations (DataBC Program & Knowledge Branch)

Able to see members of BC Stats - FAIL

@annikaLiving - please confirm those are the only two orgs I am an Admin for shevande

• Logged in as Editor of one organization (Data Innovation Program (DIP)

  Able to see Member section for Liquor Distribution Organization - FAIL

[TerryLanktree]

It appears you simply need to be logged in to see Membership, this should only be available to Admins.

[ghost]

@TerryLanktree , shouldn't an Editor be able to see other editors of an organization? Since Editors have the ability to edit any records associated to the Organization and not at the record level. A logged in user should only be able to see members of an organization for which they are an editor or admin. A logged in user with no role, should see no members on any org record. I think the only one that can test that is Jenn Potter.

[TerryLanktree]

The ticket says it should only be available to Admins. It is available to me, as an editor, for every organization. Jenn has tested, and she, too, can see all membership. As this is contrary to the ticket, I have moved back to Sprint Backlog. If the requirements are different from what is stated, we can review. I do not have the history on this one. For now, locking it down too tight seems better than being too exposed.

[TerryLanktree]

I have been informed that this information is available in Cat Classic, so I'll remove from Sprint Backlog and we can evaluate what we want to happen.

[ghost]

https://dpdd.atlassian.net/browse/DDS-937 https://dpdd.atlassian.net/browse/DDS-942