chenejac / VIVOTestMigrationJIRA


VIVO-1929: Site Admin users cannot create new individuals via the GUI #1819

Closed chenejac closed 3 years ago

chenejac commented 3 years ago

Georgy Litvinov (Migrated from VIVO-1929) said:

As reported by Georgy on Slack:

To reproduce, create a user with the Site Admin role. Go to the Site Admin page and click the "Add individual of this class" button. The user is returned to the home page with an alert message that it does not have permission to do that action.

The log shows the following and similar:

[PermissionsPolicy] No permission will approve AddObjectPropertyStatement: <?SOME_URI>

chenejac commented 3 years ago

Brian Lowe said:

It looks like EditRequestDispatchController, which currently checks authorization for various statement-level edit actions, also needs to include things like AddResource/EditResource/DropResource (possibly others).

chenejac commented 3 years ago

Benjamin Gross said:

An additional report: https://groups.google.com/g/vivo-tech/c/zsk_0htnHTQ

chenejac commented 3 years ago

Andrew Woods said:

Discussion with [~accountid:557058:a0d46356-8afd-4951-bfbb-1b29b1a511b5] landed on two potential solutions:

  1. Add more edit actions statements, as suggested in the ticket, or
  2. Encapsulate the sub-siteAdmin page access rules in a policy

Maybe taking option #1 for now... with a better future in mind.

chenejac commented 3 years ago

Benjamin Gross said:

https://github.com/vivo-project/Vitro/pull/206

chenejac commented 3 years ago

Andrew Woods said:

Looks and works good. It would be nice to have a second (or third) set of eyes on the fix.

chenejac commented 3 years ago

Georgy Litvinov said:

It works well. Looks good to me.

chenejac commented 3 years ago

Andrew Woods said:

Resolved with: https://github.com/vivo-project/Vitro/commit/2b3100076590e2698739a105b8e68535c3fee357