Open yvonneekanim opened 5 years ago
Permissions are wonky. Are you talking about table permissions or tool permissions? I don't even know why the WB is in the tables section. How is it even possible for a user not to have permissions on the workbench tool? When I add a guest user it has the workbench enabled by default, and the option to enable uploading. But the guests group has both the workbench and uploading enabled by default. (But, no, wait, this is only true for one collection, I CAN change permissions on the workbench tool for users in the other collection in the db!)
I have no idea what happens if a user has permission to a tool but not the tables it depends on.
Anyway if this problem is about tool permissions, they should be reloaded when the collection changes, so the bug might be fixed.
correction, the fix in 9bc586e only fixes the problem when switching from a collection in which a tool is permitted to a collection where it is denied. After the change the tool will be disabled. However when switching from a collection where the tool is not permitted, and not on the task bar, it will still not be on the task bar after switching to collection for which the tool is permitted.
This bug is present in 6.6.00. And probably all versions before that because the relevant code has not been changed since pre 6.0 days.
The partial fix in 9bc586e is still in the repo. Permissions objects are checked for nullness everywhere they are accessed, so it is safe to leave it in. Also, it prevents the most serious part of this issue: Any Tool permissions a user has in the current collection will be removed when it switches to a collection in which it does NOT have them (but maybe not all of them).
I've tried this with all tools and a few tables and the permissions for a collection still transfer to collections where users don't have permission.
For example, if a user has WB permissions in collection A but not in collection B, the user's WB permissions transfer when switching between A and B depending on which collection was logged into first.