nih-cfde / cfde-deriva

Collaboration point for miscellaneous CFDE-deriva scripts

Globus group permissions giving submitters and reviewers access to Edit Submitted Datapackage page #140

Closed ACharbonneau closed 3 years ago

ACharbonneau commented 3 years ago

Had a tester in LINCS submitters: (image)

and she was able to get to the Edit submitted datapackage page and change the status: (image)

The system did stop her from saving the new status, but it did so by suggesting she log in (she was already logged in) (image) and then throwing a 403 error (image).

I think ideally we want submitters to not have access to the Edit Submitted Datapackage page at all, or if they can see it, for it to be entirely greyed out rather than letting them try and fail to change the status.

ACharbonneau commented 3 years ago

She finds the same behavior when she has just LINCS Reviewers permissions. Can add screenshots if desired.

I think ideally we want submitters and reviewers to not have access to the Edit Submitted Datapackage page at all, or if they can see it, for it to be entirely greyed out rather than letting them try and fail to change the status.

karlcz commented 3 years ago

This is a known technical limitation of deriva for the current policy regime. We have work planned to improve this but I do not think it will be done soon enough to include in this release. In the interim, I can try to adjust the policy to reduce the number of scenarios where this occurs. It will be unavoidable for a user who actually has "approver" privileges for one DCC and is also allowed to view other DCC submissions w/o approver privilege.

karlcz commented 3 years ago

The interim policy workaround has been applied to dev, briefly verified by manual testing, and applied to staging as well.