Dataset Published State - Security Issues and datasets found number oddities

[annikaLiving]

Assigned as an editor of DataBC Program:

• Logged in see 3372 datasets found
• In the list of records includes records of all states
• Via the Record Status (published_state) able to select each state type and get a list of all records.
• All editors can see all records in Draft and Pending Publish and Archived, including other orgs. they need to not see other's records in these states.

Should happen:

• Log in as an editor of a suborg
• Total datasets found =
  • all orgs PENDING ARCHIVE and PUBLISHED +
  • all other states for the org assigned to
• Clicking on a Record Status state, should only allow the a filter on the above values.
• Selecting them all should result in the same datasets found count as selecting none of them.

[TerryLanktree]

When you first go to datasets you get a total number of visible datasets listed. When selecting all items in a facet (like Record Status) you can get a different number. Happens when logged in, not sure about anonymous.

[alixcote]

Sheila to go through and post steps to reproduce (logged in and not logged in)

[TerryLanktree]

I have done this in Toyger:

Select "Browse thousands of government datasets" page states 3080 datasets found

Filter Search Result: Download Permissions - select all page states 3005 datasets found

Reset - Resource Data Types - select all page states 3059 datasets

Appears to be responding better, last time I checked the totals could also be higher than the original count. Now it appears there may simply be datasets that contain NULL? Which should not be, as mandatory fields should not be NULL.

[joe-taylor]

Now it appears there may simply be datasets that contain NULL? Which should not be, as mandatory fields should not be NULL.

@TerryLanktree, although I'm unsure if the original issue is still present, and will defer to Sheila for that, yes, you're correct that null values (essentially) are the culprit in the examples you provided. That being said, I don't consider the resource data types behaviour to be a defect. As for your download permissions example, I suggest we discuss that further; that one appears to be a more nuanced data issue. More detail on the reasoning behind these conclusions follows.

Resource Data Types query with all facet values selected - 3058/3080 results

The 21 records absent from this facet are all datasets that have zero resources attached to them in toyger. There are numerous ways this could have happened. I've listed a few here.

• There were no resources attached to the dataset at the time the DB snapshot was taken
• The attached resources have since been deleted in toyger
• Resources were discarded by the schema migration script (this is purely theoretical as I'm not aware of any specific code that does this)

In any event, for those datasets there is no resource type value to query. This effectively makes the resource type null, as you suggest, but it's not because a mandatory field is missing from resources, but rather because there's no resources for the mandatory field to be attached to.

An example of one such dataset can be found here:

• https://catalogue.data.gov.bc.ca/dataset/translink-height-restrictions

An example of a dataset (also in that group of 21) which has a resource attached in prod but not in toyger is here:

• https://catalogue.data.gov.bc.ca/dataset/grasslands-including-ecosystems-peace-region

These datasets will appear in the results for a search with no filters applied, but they will not appear in a search if all resource data type facets are selected.

Download Permissions query with all facet values selected - 3005/3080 results

There are 75 records not covered by this facet's set of values, and indeed, there are 75 records in toyger for which the Download Permissions field is unavailable in the solr index. It turns out that even though these datasets technically have that field associated to them in the database, (at least from the migration script's perspective,) the key/value pair for these specific records is marked as deleted, so it's not displayed or included in API calls (it's null). It was probably deleted for these records intentionally, because the download permissions field is not applicable to resources that are not downloadable. This includes web apps, for example.

One suggestion might be to add an N/A value for records like these, but I hesitate to do a bulk update without very clear criteria. It may be worth discussing how to handle this with the team, now or later (post MVP?)

The 75 records missing from this facet are listed below, along with their download audience field value pre-deletion.

Records without a download permissions label

Dataset	Value of download audience field before it was deleted
integrated-land-and-resource-registry-ilrr	Public
property-file-search	Public
mineral-assessment-reports-aris-search	Public
b-c-s-map-hub	Public
physical-address-viewer-for-use-in-google-earth	Public
area-of-interest-selector-secure	Public
bc-water-resources-atlas	Public
alc-applications-search-map-viewer-secure-	Named users
forest-mapview	Public
traditional-use-studies-secure	Public
alr-property-and-map-finder	Public
search-bc-post-secondary-student-survey-results	Public
coalfile-search	Public
hectaresbc	Public
river-forecast-centre-snow-weather-station-map	Public
bc-species-and-ecosystems-explorer	Public
habitat-wizard	Public
drivebc	Public
bc-court-finder	Public
minfile-mineral-occurrences-search	Public
agriculture-capability-scanned-maps	Public
profiles-of-indigenous-peoples-pip-consultation-areas-secure-map-service	Government
bc-electoral-district-explorer-bcede-	Public
licensed-meat-processing-facilities-in-bc	Public
licensed-fish-processing-facilities-in-bc	Public
panorama-branch-locator	Public
integrated-petroleum-system-ips-web-search-tool	Public
site-productivity-data-locator	Public
imapbc-4-mobile	Public
bc-stop-of-interest-map	Public
pices-tsunami-debris-aerial-photo-survey-map	Public
bc-electoral-district-explorer-bcede-2013-ge	Public
bc-active-wildfires-map	Public
bc-wildfire-post-harvest-hazard-abatement-map	Public
imapbc-2-0-restricted-access	Public
bc-economic-atlas-application	Public
online-cadastre	Public
early-years-services-map	Public
court-services-online-cso	Public
ecological-reports-catalogue	Public
bc-frogwatch-application	Public
epic-map	Public
mineral-titles-online	Public
property-transfer-tax-residential-calculator	Public
virtual-frontcounter-bc	Public
central-coast-and-north-coast-lrmp-application	Public
coastal-resource-information-system	Public
geodetic-monument-viewer	Public
environmental-violations-database	Public
bc-liquor-store-locator	Public
safe-harbour-respect-for-all	Public
imapbc-2-0	Public
project-information-centre	Public
area-of-interest-selector-public	Public
traffic-data-program	Public
ministry-of-forests-and-range-seedmap	Public
recreation-resources-inventory-online	Public
ecocat-the-ecological-reports-catalogue	Public
recreation-sites-and-trails	Public
frontcounter-bc-discovery-tool	Public
bc-k-12-school-and-district-contact-information	Public
francophone-services-finder-french-version	Public
invasive-alien-plant-program-application-iapp	Public
cross-linked-information-resources-clir	Public
bc-wildfire-service-weather-stations	Public
bc-orthophoto-viewer	Public
avalanche-and-weather-programs-public-access-weather-system-paws	Public
address-list-editor	Public
bc-air-photo-viewer	Public
child-care-map	Public
conservation-data-centre-imap	Public
bc-community-health-atlas	Public
mapplace	Public
bcgs-publications-search	Public
contacts-for-first-nation-consultation-areas-public-map-service	Public

[alixcote]

Update: This is acceptable. Sheila to retest and then close if not needed.

[ghost]

Testing:

• Not logged in > Browse Datasets - 3080 datasets found
• Selected both Record Status > 3080 datasets found with 2 filters applied
• Reset Filter Search Results - returns dataset count to 3080
• Selected all Download Permissions - 3005 datasets found with 5 filters applied, less than unfiltered list, acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3080
• Selected all Licences available - 3080 datasets found with 11 filters applied
• Reset Filter Search Results - returns dataset count to 3080
• Selected all Resource Data Types - 3059 datasets found with 20 filters applied - acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3080
• Selected all Groups - 159 datasets found with 11 filters applied - acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3080
• Selected all Organizations - 3080 datasets found with 151 filters applied

NOTE: when filtering either Resource Data Types and Download Permissions, the number of datasets are less than no filtering applied.

• Logged in with IDIR (sheivand - Editor)> Browse Datasets - 3359 datasets found
• Selected both Record Status > 5321 datasets found with 5 filters applied - FAILED
• Reset Filter Search Results - returns dataset count to 3359
• Selected all Download Permissions - 3273 datasets found with 5 filters applied, less than unfiltered list, acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3359
• Selected all Licences available - 3359 datasets found with 11 filters applied
• Reset Filter Search Results - returns dataset count to 3359
• Selected all Resource Data Types - 3320 datasets found with 20 filters applied - acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3359
• Selected all Groups - 163 datasets found with 11 filters applied - acceptable by @TerryLanktree
• Reset Filter Search Results - returns dataset count to 3359
• Selected all Organizations - 3359 datasets found with 153 filters applied

NOTE: When logged in this fails the threshold of the Filtered list being <= Filtered list for Record Status. Not sure why a filtered list on one attribute would bring back more records than the unfiltered list. This only happens for Record Status.

[joe-taylor]

This is technically a production defect that's being exposed by a new feature.

[alixcote]

@TerryLanktree to review further against production and the impacts.

[ghost]

Toyger Testing (Explore Datasets):

1. Not logged in - 3119 datasets found
2. Not logged in and filtered by Pending Archive = 20 datasets found with 1 filter applied
3. Not logged in and filter by Published = 3099 datasets found with 1 filter applied
4. Not logged in and filtered by Published and Pending Archive = 3099 datasets found with 2 filters applied
5. Logged in with no roles - 3343 datasets found
6. Logged in and filtered by Pending Archive = 26 datasets found with 1 filter applied
7. Logged in and filter by Published = 3317 datasets found with 1 filter applied 8.. Logged in and filtered by Published and Pending Archive = 3343 datasets found with 2 filters applied
8. Logged in with Ministry Level Admin Role - 3424 datasets found
9. Logged in with Ministry Level Admin Role and filtered by Draft - 40 datasets found with 1 filter applied
10. Logged in with Ministry Level Admin Role and filtered by Pending Archive = 26 datasets found with 1 filter applied
11. Logged in and filter by Published = 3318 datasets found with 1 filter applied
12. Logged in and filter by Archived = 40 datasets found with 1 filter applied
13. Logged in and filtered by all four statuses = 3424 datasets found with 4 filters applied

PASSED

Toyger Testing (Explore by Groups - BC Government API Registry):

1. Logged in with Ministry Level Admin Role @ Ministry Level - 14 datasets found
2. Logged in with Ministry Level Admin Role @ Ministry Level and filtered by Draft - 3 datasets found with 1 filter applied
3. Logged in with Ministry Level Admin Role @ Ministry Level and filtered by Pending Archive = 0 datasets found with 1 filter applied
4. Logged in with Ministry Level Admin Role @ Ministry Level and filter by Published = 11 datasets found with 1 filter applied
5. Logged in with Ministry Level Admin Role @ Ministry Level and filter by Archived = 0 datasets found with 1 filter applied
6. Logged in with Ministry Level Admin Role @ Ministry Level and filtered by all four statuses = 14 datasets found with 4 filters applied

PASSED

Toyger Testing (Explore by Organization - Minitry of Health > British Colubmia Vital Statistices Agency)):

1. Logged in with Ministry Level Admin Role of Different Organization - 2 datasets found
2. Logged in with Ministry Level Admin Role of Different Organization and filtered by Draft - 0 datasets found with 1 filter applied
3. Logged in with Ministry Level Admin Role of Different Organization and filtered by Pending Archive = 0 datasets found with 1 filter applied
4. Logged in with Ministry Level Admin Role of Different Organization and filter by Published = 2 datasets found with 1 filter applied
5. Logged in with Ministry Level Admin Role of Different Organization and filter by Archived = 0 datasets found with 1 filter applied
6. Logged in with Ministry Level Admin Role of Different Organization and filtered by all four statuses = 2 datasets found with 4 filters applied

PASSED

[ghost]

BetaTesting (Explore Datasets):

Not logged in - 3119 datasets found Not logged in and filtered by Pending Archive = 20 datasets found with 1 filter applied Not logged in and filter by Published = 3099 datasets found with 1 filter applied Not logged in and filtered by Published and Pending Archive = 3099 datasets found with 2 filters applied Logged in with no roles - 3343 datasets found Logged in and filtered by Pending Archive = 26 datasets found with 1 filter applied Logged in and filter by Published = 3317 datasets found with 1 filter applied 8.. Logged in and filtered by Published and Pending Archive = 3343 datasets found with 2 filters applied Logged in with Ministry Level Admin Role - 3415 datasets found Logged in with Ministry Level Admin Role and filtered by Draft - 5 datasets found with 1 filter applied Logged in with Ministry Level Admin Role and filtered by Pending Archive = 26 datasets found with 1 filter applied Logged in and filter by Published = 3317 datasets found with 1 filter applied Logged in and filter by Archived = 67 datasets found with 1 filter applied Logged in and filtered by all four statuses = 3415 datasets found with 4 filters applied PASSED

Beta Testing (Explore Dataset Groups - BC Government API Registry):

Logged in with Ministry Level Admin Role @ Ministry Level - 11 datasets found Logged in with Ministry Level Admin Role @ Ministry Level and filtered by Draft - 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role @ Ministry Level and filtered by Pending Archive = 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role @ Ministry Level and filter by Published = 11 datasets found with 1 filter applied Logged in with Ministry Level Admin Role @ Ministry Level and filter by Archived = 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role @ Ministry Level and filtered by all four statuses = 11 datasets found with 4 filters applied PASSED

Beta Testing (Explore by Organization - Minitry of Health > British Columbia Vital Statistics Agency)):

Logged in with Ministry Level Admin Role of Different Organization - 2 datasets found Logged in with Ministry Level Admin Role of Different Organization and filtered by Draft - 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role of Different Organization and filtered by Pending Archive = 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role of Different Organization and filter by Published = 2 datasets found with 1 filter applied Logged in with Ministry Level Admin Role of Different Organization and filter by Archived = 0 datasets found with 1 filter applied Logged in with Ministry Level Admin Role of Different Organization and filtered by all four statuses = 2 datasets found with 4 filters applied PASSED