chrisdaaz closed 6 years ago
This is not a change from 2.0, which shows non-logged-in users the following work details...
@vantuyls @no-reply @jrr Should this be a blocker? This is not a change from 2.0 to 2.1, but it is a security issue to reveal editor IDs to public (non-logged-in) users.
I think this was fixed. Closing.
Descriptive summary
Public visitors of collections see more information than is necessary or even desired when viewing a list of works in a collection and clicking the "more details" arrow.
Rationale
A public user of a public collection has no need to see the "Edit Access" or "Depositor" metadata of a work when browsing a collection. In some cases, the names, groups, and email addresses of users with edit access to works may be confidential.
Expected behavior
Visitors browsing a collection may be interested in more descriptive details about the work itself, such as "Keywords" or "Rights".
Actual behavior
Steps to reproduce the behavior