korydraughn
commented
2 years ago The behavior of Metalnx is correct here. The icommands should not allow that because it bypasses the permission model, hence https://github.com/irods/irods/issues/6579.
To help users with this, we're planning on showing a confirmation popup when Metalnx detects a downgrade.
For the data object and collection that a user has “own” access right (granted by uploading data or by creating a collection), a user can change the access right to other options (read/write/own) as long as he/she stays on the same screen. Once he/she click on any other page/tab after he/she change permission from “own” to “write/read”, it is not possible any more to take his/her own right back. However this is possible by iCommand.
As long as you are on the same screen, you can switch to any other access type.
Once you click on any other tab or screen, you cannot change the permission type that you set because the relevant field is disabled (even for the "write" access type).
However you can change back to your initial access type by using iCommands.
Another issue here is (this seems closely related to the issue above);
For the data object and collection that a user has “own” access right, the user either should be warned or should be blocked when the user choose the “none” option in the permission column. Because as soon as a user change his “own” right to “none”, this data object/collection will disappear. Then only the admin users or the users who have “own” access right on that item can bring it back for the mentioned user. However a user take the permission back by iCommand.
After you removed your permission, if you click on any other tab you will get the 500 server error below. And the only way to go back to Metalnx is to connect to it again by new authentication.
By the way as figure it out parameter name used to remove an access right by Metalnx is “none” whereas it is “null” by iCommands.
Thank you.
Tested both in 4.2.8 - 2.4.0 and in 4.2.9 - 2.4.0. And ICAT is MySQL.