Viewer see Collections they shouldn't in dashboard.

[julesies]

Viewer sees way more collections than they should: I'm using student@example.com

Note the visibility filter also shows way less than it should given the collections below:

Clicking on a collection in the list gives "Unauthorized" error message.

[elrayle]

This is marked ready to retest, but there is a related issue that is not complete... Issue https://github.com/samvera/hyrax/issues/2760

[julesies]

@elrayle I have looked at this and things look better but I have a question....about how these are linking. I'll try to explain here, but we may need to discuss via slack. So same user i'm testing now is student@example.com. Here is what i see now:

I am a depositor for Admin Set 20. When I click on Admin Set 20 I route to this:

I am a viewer of "Faculty Collection" and when I click on it I see:

[elrayle]

This is the same issue as https://github.com/samvera/hyrax/issues/2760. In Hyrax 1.0 and 2.0, viewers and depositors for admin sets are given access to works only and do not have access to the Admin Set itself. The required change to allow them to see the admin show page is to give those same users read access to the admin set.

As this is a change in behavior, it needs further discussion in the community.

[julesies]

I'm now not seeing extra collections in my managed tab: same account. As a viewer of these 3 managed collections, I can click on the Collection and see the Collection Edit Page, but when I click on the admin set, it is "You are not authorized to access this page."

[elrayle]

This is the same as Issue #121 which is fixed by PR https://github.com/samvera/hyrax/pull/3056 (backport https://github.com/samvera/hyrax/pull/3059)

[julesies]

close for dupe