ukwa / w3act

w3act is an annotation and curation tool for building web archive collections
Apache License 2.0

Non-authorised DDHPAT users can Watch targets #689

Open crarugal opened 1 year ago

crarugal commented 1 year ago

This possibly relates to https://github.com/ukwa/w3act/issues/621 (it's still unclear if issue 621 is caused by a bug, or ACT users)

Example target: https://www.webarchive.org.uk/act/targets/168983

It seems that "archivist" roles, who aren't authorised to Watch targets, can do so.

However, "expert_user" roles are still unable to Watch targets.

anjackson commented 1 year ago

Back in https://github.com/ukwa/w3act/issues/588 this appears to have been the desired behaviour!?

crarugal commented 1 year ago

I'm not sure if this is the intended behaviour @nicolabingham. It looks like any Archivist role can make any target a Watched target, even if they don't have DDHAPT permission. I tested it with this test Archivist account.

Not a Watched target.

Archivist role with DDHAPT disabled, still able to make the target Watched.

I think #588 questioned the editing of targets between Archivist roles who had DDHAPT enabled. But from what I can see, any Archivist role can Watch a target, so it seems that disabling or enabling DDHAPT doesn't change anything if you have an Archivist role.

nicolabingham commented 1 year ago

A review of users in ACT has found nearly 30 users with the Archivist role, which is wrong as there should be only one person at each institution with this role, except the BL which needs more than one for admin purposes. This is a separate issue and I'll review individual users in ACT. In terms of DDHAPT, access should not be automatic. An Archivist should be able to enable DDHAPT access for ACT users, but only on a case by case basis, so if users can create Watched Targets without having permission, this is a bug.
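The thread boils down to an authorisation predicate that tests the wrong thing: the observed behaviour keys "can Watch a target" off the Archivist role alone, while the intended rule is an explicit per-user DDHAPT grant that an Archivist hands out case by case. The following is an added illustration written for this issue, not w3act's code: the role names, the `ddhapt` flag, the user model and the function names are all assumptions, and the accounts are constructed to mirror the ones discussed above (the behaviour of an expert_user who has been granted DDHAPT is assumed, not shown in the thread).

```python
# Hypothetical model of the "Watch target" decision discussed in this issue.
# NOT w3act's code: roles, the ddhapt flag and all names are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str       # assumed role strings, e.g. "archivist", "expert_user"
    ddhapt: bool    # per-user DDHAPT grant, enabled case by case by an Archivist


def can_watch_observed(user: User) -> bool:
    """Behaviour reported above: the role alone decides.

    Any Archivist can Watch a target; the DDHAPT flag is never consulted,
    so enabling or disabling it changes nothing for an Archivist.
    """
    return user.role == "archivist"


def can_watch_intended(user: User) -> bool:
    """Behaviour described by nicolabingham: access is not automatic.

    Watching requires an explicit DDHAPT grant on the user, whatever the
    role. The role only governs who may hand out that grant.
    """
    return user.ddhapt


def grant_ddhapt(actor: User, target: User) -> User:
    """Only an Archivist may enable DDHAPT for a user, one user at a time."""
    if actor.role != "archivist":
        raise PermissionError(f"{actor.name} may not grant DDHAPT")
    return User(target.name, target.role, True)


# Constructed test accounts mirroring the thread (expert-granted is assumed).
ARCHIVIST_NO_DDHAPT = User("test-archivist", "archivist", False)
ARCHIVIST_WITH_DDHAPT = User("bl-archivist", "archivist", True)
EXPERT_NO_DDHAPT = User("expert", "expert_user", False)
EXPERT_WITH_DDHAPT = User("expert-granted", "expert_user", True)

ALL_USERS = [ARCHIVIST_NO_DDHAPT, ARCHIVIST_WITH_DDHAPT,
             EXPERT_NO_DDHAPT, EXPERT_WITH_DDHAPT]


def discrepancies() -> list:
    """Names of users for whom the observed and intended decisions differ."""
    return [u.name for u in ALL_USERS
            if can_watch_observed(u) != can_watch_intended(u)]


if __name__ == "__main__":
    for name in discrepancies():
        print("authorisation mismatch for", name)
```

Running it lists `test-archivist` (allowed by role, but without a grant) and, under the assumed grant for an expert_user, `expert-granted` (holds a grant, but denied by role). The first entry is the bug reported here; the check that needs changing is the one that consults the role instead of the grant.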