Closed bess closed 6 years ago
@bess @shanitajohn - Isn't this kind of a security risk that we need to prioritize even if Emory hasn't? I.E. does this become a critical urgent priority the minute files are exposed that should be embargoed?
Is this equivalent to supporting the default Hyrax embargo cascade functionality and ensuring something similar happens in the embargo job?
If an embargo is in place, don't allow an unauthorized user to go directly to the show page for the embargoed file set, even if they somehow know the noid of that file set