New admins are unable to edit records in all organizations in 1.5.2

[Mbrownshoes]

New admin's unable to edit records in all organizations in 1.5.2 (currently in Test and Delivery). I added a new user as an admin in both delivery, test and production. Only in Prod (1.5.1) was the admin able to edit records in organizations other than the one they were added in.

An admin has to be first created in an organization but they should then appear in all organizations. New admins are only showing under the organization they are created under in 1.5.2.

@gjlawran @Darv72

[jrods]

@Mbrownshoes I can't seem to re-create this issue in my env where new admins can edit other records in orgs they are not apart of. This is with using the tagged version of 1.5.1 of the bcgov ext. The new admin has to be added to the org to edit any of the records that belong to that org.

@Mbrownshoes @gjlawran @kfishwick @Darv72 What is the correct behavior that admins should have, with regarding to access of records in other organizations? I think it makes sense having admins restricted to the org(s) they are assigned to and they can only have control within their assigned org(s). I would like to know what the intended behavior is.

[Mbrownshoes]

@jrods The current behaviour in production (1.5.1) is that once an user is added as an admin for one organization, they had admin access in all orgs. This is an efficient way of giving one of us the ability to edit records across all orgs.
This behaviour (which is what we want) still works for us in 1.5.1, but is broken in 1.5.2.

[kfishwick]

@Mbrownshoes I believe this should happen when an admin user logs in. Can you grant Jared's idir admin access in cad?

[Mbrownshoes]

@kfishwick @jrods now has admin access.

[kfishwick]

Thanks @Mbrownshoes. One other question, I thought the users had to be granted admin in WebADE, not in ckan. Did that change?

[Mbrownshoes]

@kfishwick, yes you're right. I just checked and it is working as it should in delivery - I was able to create an admin by first granting in ADAM and then in ckan. @jrods should not have admin access for all orgs in delivery. Please confirm. In Test new admin's are still not able to edit records in all orgs. I'll try testing with another user.

[jrods]

@Mbrownshoes I only see my account in the DataBC org and has the admin role. My account is not in the parent org. In my cookies, my edcauth token is jaresmit..._EDITOR

[Mbrownshoes]

did you log out and back in again? Once you do that you should have admin access to all orgs.

[jrods]

@Mbrownshoes yes, i have admin control now, i can go into any record and edit. My edc_auth cookie also has ADMIN in it.

[kfishwick]

Matt can you please confirm this is not a bug?

[Mbrownshoes]

This appears to be working in delivery.

[kfishwick]

There were no fixes involved here, I think this ticket should be closed as it was user error (users were made admins in CKAN instead of via WebADE).