Closed julesies closed 6 years ago
moved to hyrax.
Hyrax issue... https://github.com/samvera/hyrax/issues/2677
Another example link: https://nurax.curationexperts.com/concern/images/bv73c0445
These seem to be long-term issues, not related to collections sprint, so I'm trying to clarify what we want to happen here.
The collections list should probably be using a search builder so it doesn't show if there are no collections which the user can see. This list may have predated private collections. Currently it shows a link to the collection but you get an unauthorized error if you follow the link.
The file list looks like it may have been done intentionally. There is code specifically present to substitute "File" for the file name if the user doesn't have read access. I'm wondering if this file behavior was intentional or not, and if intentional do we now want to change it. If not intentional or no longer desired, I need to change to find the ids to include via a search builder.
If desired we should probably at least make the file list not clickable, but since everything is hidden in the list, why are we showing it? If there's a reason we want unauthorized users to see that a file exists, wouldn't we want them to see the thumbnail or file title but just not be able to get to the file itself?
FWIW, this also affects the representative viewer... if you don't have access to view a file, it will show a thumbnail in the image viewer, but you get an unauthorized error when you click on it. However in the file list below, the thumbnail doesn't show. If there is no thumbnail, it shows the 404 image.
Before doing a bunch of refactoring here, I wanted to verify that we truly don't want these files to appear. Feedback?
@vantuyls @julesies
confirmed that Admin Sets and Private Collections are not shown on the work view. Keeping this open until we have a decision about private Files.
just tested this with the new configuration option. So it works with private files, but not private works. If a child work is private, the representation of the child work is show "Private File". the Private file does not.
@laritakr is looking into this
Descriptive summary
A non-authenticated user, I can see objects that are private. This includes Files, Child Works, Collections. I can not get to the actual files, but I can see representations of files and works (with generic File title) and I can see full titles of Private Collections on the Work View.
In addition the Admin Set Title appears on the work view.
Here is a good example including all issues listed: https://nurax.curationexperts.com/concern/images/r494vk17h?locale=en
Here is a place Private Collections are NOT shown to unauthenticated users in nesting context. And so it's working as expected.
https://nurax.curationexperts.com/collections/9019s2486?locale=en