Closed K8Sewell closed 5 days ago
I am not an administrator or approver for the Permission Set "Test Permission Set 01," but as a regular user, I was able to create a parent that goes into that set: https://collections-uat.library.yale.edu/management/parent_objects/901623974 Batch process - https://collections-uat.library.yale.edu/management/batch_processes/1960/parent_objects/901623974
...although still received the usual PTIFF errors.
Summer, is it possible that you were still a sysadmin when the batch process - 1960 - was processed? I checked this morning and you are presently a sysadmin so out of curiosity I updated myself to not be a sysadmin and removed myself from the test_01(key) permission set and when I tried with the csv you used in 1960 I got the not permitted message as expected. I was not sure if you were set back to sysadmin since 1960 was processed - if so I'll keep investigating but thought it might be worth retesting if not.
I'm 95% sure I was a regular user when I performed the process, but I will try again just to double-check.
Screenshot:
Apparently I get to do whatever I want -- this batch process is with the "new" set JP created
PR ready for review - https://github.com/yalelibrary/yul-dc-management/pull/1400
Deployed to UAT v2.70.0
As per Batch Process 2043, I am still able to create a parent in a Permission Set that I am not an approver or administrator on, even when I am a regular staff user.
I've asked one of our staff members who have never been a SysAdmin in UAT to try and create a parent into a Permission Set they haven't been added to, in case there's something about my netID in particular that is linked with something. As long as regular, Never Been Sys'ed users can't create random OwP parents, we don't need this to be a blocker for the MVP release (although we should continue to investigate).
Confirmed that a Never Been Sys'ed user cannot create OwP object in OwP set they have not been added to:
https://collections-uat.library.yale.edu/management/batch_processes/2061
We can create a separate ticket to look into my superpowers, but I think the original goal of this ticket -- ensure OwP with Preservica ingests -- is completed.
Summary
No logic existed to handle the permission set value in a Preservica ingest. The PR below sets up this logic and enables ingests with Preservica to correctly create parent objects with OwP visibility.
PR
https://github.com/yalelibrary/yul-dc-management/pull/1387