don't require email addresses to match to edit jobs - Githubissues

cern-sis / issues-inspire

0 stars 0 forks source link

don't require email addresses to match to edit jobs #444

Closed michamos closed 1 month ago

michamos commented 5 months ago

A user reports that he can't edit his job post: https://cern.service-now.com/nav_to.do?uri=%2Fu_request_fulfillment.do%3Fsys_id%3D7d5c1665c3c082102fec1bddd40131d9%26sysparm_view%3Dtabs_new%26sysparm_domain%3Dnull%26sysparm_domain_scope%3Dnull. After investigating, it turns out that the check in https://github.com/inspirehep/inspirehep/blob/cd81c540c65175d3f9a6a45bdc847e8dcc945ea2/backend/inspirehep/submissions/views.py#L528-L533 is wrong. Email addresses can change, so we shouldn't require them to match. The ORCID check is sufficient.

Additionally, it might make sense to refactor this to align it with the similar permission check in https://github.com/inspirehep/inspirehep/blob/cd81c540c65175d3f9a6a45bdc847e8dcc945ea2/backend/inspirehep/records/marshmallow/jobs/ui.py#L25-L53 which determines whether the edit button gets displayed.

drjova commented 3 months ago

@michamos with this change we have some cases that are failing for example:

https://github.com/inspirehep/inspirehep/blob/e273b52138ab6de99f37bf7197e441c2b527d791/backend/tests/integration/submissions/test_submissions_views.py#L1439-L1440

I guess these are wrong assumptions from the beginning, some of them are:

we don't have a flow that a curator will create a job and then the user will edit it
users without orcid adding jobs