samvera / hyrax

Hyrax is a Ruby on Rails Engine built by the Samvera community. Hyrax provides a foundation for creating many different digital repository applications.
http://hyrax.samvera.org/
Apache License 2.0

Prevent sharing works and filesets with unintended groups #6823

Open davidcam-src opened 1 month ago

davidcam-src commented 1 month ago

Fixes

Fixes #6822

Summary

Guidance for testing:

Criteria: Users should not be able to share works to groups outside of the visibility restrictions of the admin set it belongs to

  1. As a non-admin user, create a new work in Nurax.
  2. Select an admin set with exclusive private visibility in the Relations tab.
  3. In the Sharing settings tab, ensure that "public" and "registered" are not selectable options.

Criteria: Users should not be able to share works to groups outside of the visibility restrictions of the admin set it belongs to

  1. As a non-admin user, create a new work in Nurax.
  2. Select an admin set with exclusive private visibility in the Relations tab.
  3. Fill out the form as usual and add a file. Check the deposit agreement and click Save.
  4. Go to the dropdown for the file on the work page and select Edit.
  5. Click the Permissions tab and verify that the admin set's visibility restrictions are applied to the radio buttons (private should be the only option available).

Changes proposed in this pull request:
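An added example (not Hyrax's own code, not from this PR) of enforcing the rule described above on the server side rather than only hiding form options: given an admin set's permission-template visibility, it computes which share groups a depositor may select and flags any disallowed groups in a submitted request. It assumes Hyrax-style visibility strings ('open' = public, 'authenticated' = registered, 'restricted' = private) and uses stand-in structs for `AdminSet` and `PermissionTemplate`.

```ruby
# Added example, not Hyrax code. Visibility strings follow Hyrax's conventions
# ('open' = public, 'authenticated' = registered, 'restricted' = private); the
# structs below are stand-ins for the real AdminSet / PermissionTemplate models.

# Visibility levels ordered from most restrictive to least; value = rank.
VISIBILITY_RANK = { 'restricted' => 0, 'authenticated' => 1, 'open' => 2 }.freeze

# Visibility that granting read access to a built-in group implies.
GROUP_VISIBILITY = { 'public' => 'open', 'registered' => 'authenticated' }.freeze

# A nil visibility on the template means the admin set imposes no cap.
PermissionTemplate = Struct.new(:visibility)
AdminSet = Struct.new(:id, :permission_template)

# Visibility options the edit form may offer for a work in this admin set:
# everything at or below the template's cap.
def allowed_visibilities(admin_set)
  cap = admin_set.permission_template&.visibility
  return VISIBILITY_RANK.keys if cap.nil?
  VISIBILITY_RANK.select { |_, rank| rank <= VISIBILITY_RANK.fetch(cap) }.keys
end

# Share groups the form may offer. A built-in group is selectable only if the
# visibility it implies is itself permitted; named groups (e.g. a department)
# imply no visibility change and pass through.
def selectable_share_groups(admin_set, candidate_groups)
  allowed = allowed_visibilities(admin_set)
  candidate_groups.select do |group|
    implied = GROUP_VISIBILITY[group]
    implied.nil? || allowed.include?(implied)
  end
end

# Server-side check for a submitted sharing form: returns the offending groups
# so the controller can reject the request instead of trusting the UI to have
# hidden those options.
def disallowed_share_groups(admin_set, requested_groups)
  requested_groups - selectable_share_groups(admin_set, requested_groups)
end
```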

github-actions[bot] commented 1 month ago

Test Results

9 files (±0), 9 suites (±0), duration 17m 7s (+26s)
4 759 tests (±0): 4 684 passed (-12), 63 skipped (±0), 12 failed (+12)
6 491 runs (±0): 6 416 passed (-12), 63 skipped (±0), 12 failed (+12)

For more details on these failures, see this check.

Results for commit 290031d3. ± Comparison against base commit 4d2c654a.

This pull request removes 100 and adds 100 tests. Note that renamed tests count towards both.
