mebrett
commented
4 years ago Reviewer user cannot see any of the metadata for the collected story in Collecting form view unless added to the site as an editor (even viewer doesn't work). If an item has been made public, the item's content continues to show up as Private in the collecting form view, although it can be seen on the metadata view once clicked through to the item:
Reviewer as Viewer
jimsafley
This release made it so any Omeka S reviewer or editor can view private collected data, but, after consideration, I find this to be far too permissive.
The latest commits to the master branch are an attempt to patch this issue. Now, only reviewers or editors who are also editors of the site can view private collected data. I find this precaution to be a good faith effort to keep private data private while retaining a review workflow for users who are not global or site administrators.
To test this: a reviewer or editor who is either a) not a member of the site, or b) a site "viewer" should not be able to see "User Private," "User Name," and "User Email" text; a reviewer or editor who is a site "editor" or "admin" should be able to see them.