seek4science / seek

For finding, sharing and exchanging Data, Models, Simulations and Processes in Science.
http://www.seek4science.org
BSD 3-Clause "New" or "Revised" License

Permissions as project member not applied #1980

Closed NielsGeudens closed 2 weeks ago

NielsGeudens commented 3 weeks ago

Short introduction

In the production instance of DataHub, admin grants members of a project viewing permissions for datafile, samples and sample types. Samples, belonging to a sample type, were extracted from a datafile. Bug: User cannot view the samples or data files, even though they are registered members of the project. They do have access to the sample types.

More information

Applied permissions

Figure 1: Screenshot of the admin account, showing that members of the project ("deCYPher Composable Elements") have view + download rights for the datafiles (here shown for datafile "Protein_datafile_072024").

Figure 2: Screenshot of the admin account, showing that members of the project ("deCYPher Composable Elements") have viewing rights for the sample(s) (here shown for sample "ug_st0001").

Figure 3: Screenshot of the user account of Flora, showing that they are indeed a member of the project ("deCYPher Composable Elements").

User experience

‘Niels User’ is a member of the project. Project members get viewing access to the samples from ‘Niels Admin’:
• If ‘Niels User’ is a member of the project, all sample types and samples are visible
• If ‘Niels User’ is removed as a member from the project, everything is hidden
• Making them a member again makes everything (data files, sample types, samples) visible again
• So => Expected behavior

With the exact same settings, users Flora and Bert (both members of the project) experience the following:
• No access to datafiles
• Access to sample type
• No access to samples

Even when specific permissions are shared with Flora as a person (not just as member of project) for the samples and/or datafiles, the experience remains the same.

Figure 4: Screenshot of the user account, showing the message "there are no samples available to be displayed".

Figure 5: Screenshot of the user account, showing that sample types (4 in total) are accessible to the user, but no samples (0+199).

The same behavior could not be reproduced in the sandbox instance of DataHub.

stuzart commented 3 weeks ago

This could be related to the issue @floradanna reported with authlookup jobs failing. It's not mentioned here, but Flora or Bert might be able to access and view the data files and samples individually, but if that job hasn't run successfully then list views may not show them.

NielsGeudens commented 3 weeks ago

Unfortunately, Flora and Bert cannot view individual samples either.

kdp-cloud commented 2 weeks ago

As @stuzart mentioned, after the queue of authlookup jobs resumed, the samples were visible again according to the permissions set by the user.

It's not completely clear why the queue was stopped but restarting the service fixed the issue. This makes it hard to reproduce and debug this locally since (re-)starting the service fixes the issue.

I will monitor the background jobs over the next couple of days and close this issue for now.