I changed this authorization behavior previously without intending to, and I think that we probably still want admins to have this ability regardless of the deposit pathway used by the work. This also moves logic out of the view and into the authorization policy and tightens up the authorization in the controller for changing visibility (which I assume we would want).
I changed this authorization behavior previously without intending to, and I think that we probably still want admins to have this ability regardless of the deposit pathway used by the work. This also moves logic out of the view and into the authorization policy and tightens up the authorization in the controller for changing visibility (which I assume we would want).