Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Advanced Workflow: permissions assigned to managers/members should be filtered by owner and resource group metadata only #9115

Closed
afabiani opened this issue Apr 15, 2022 · 1 comment
Closed

Advanced Workflow: permissions assigned to managers/members should be filtered by owner and resource group metadata only #9115

afabiani opened this issue Apr 15, 2022 · 1 comment
Assignees
@afabiani
Labels
3.3.x 4.0.x master regression Issues related to regressions. security Pull requests that address a security vulnerability

Comments

@afabiani
Copy link
Member

Expected Behavior

When automatically setting the permissions through the advanced workflow, the groups to consider in order to set the managers and members ones are only:

  • The resource.owner group (if any)
  • The resource.metadata.group (if any)

That means that whenever we manually assign some sort of permission to another group, whatever, through the share panel, unless one of the previous condition are met, there won't be any automatic action.

Actual Behavior

The advanced workflow consider any group having some sort of access to the resource.

Steps to Reproduce the Problem

  1. Create a test_group1 and assign it to test_user1, also create test_manager1 and test_member1
  2. Create a test_group2 and create test_manager2 and test_member2
  3. Create a test_group3 and create test_manager3 and test_member3
  4. Upload a resource owining to test_user1, verify the test_manager1 and test_member1 have permissions to the resource
  5. Assign test_group2 to the resource, verify the test_manager2 and test_member2 have permissions to the resource
  6. Assign view permissions to test_group3, verify no further/specifc permissions have been set for test_manager3 or test_member3

Specifications

  • GeoNode version:
  • Installation method (manual, GeoNode Docker, SPCGeoNode Docker):
  • Platform:
  • Additional details:
@afabiani afabiani added regression Issues related to regressions. 3.3.x master 4.0.x labels Apr 15, 2022
@afabiani afabiani self-assigned this Apr 15, 2022
@giohappy
Copy link
Contributor

confirmed @afabiani

@afabiani afabiani added the security Pull requests that address a security vulnerability label Apr 15, 2022
afabiani pushed a commit that referenced this issue Apr 15, 2022
[Fixes #9115] Advanced Workflow: permissions assigned to managers/mem…
5144d95 
…bers should be filtered by owner and resource group metadata only
This was referenced Apr 15, 2022
Merged
Closed
Merged
github-actions bot pushed a commit that referenced this issue Apr 19, 2022
@github-actions
[Fixes #9115] Advanced Workflow: permissions assigned to managers/mem…
27f8d24 
…bers should be filtered by owner and resource group metadata only (#9119)

* [Fixes #9106] Implement API for compact permissions

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [Fixes #9114] Group managers are assigned Manage permission on adding a group with any permission in share permissions form

* [Fixes #9115] Advanced Workflow: permissions assigned to managers/members should be filtered by owner and resource group metadata only

* - Fixes: The "get_all_level_info" forcibly and wrongly writes manages into the "perm_spec"

 - Fixes: The "update_metadata" does not forward information about group and approval status change to the update method

* - Fixes: promotion/demotion consider the owner's group also
giohappy pushed a commit that referenced this issue Apr 19, 2022
@github-actions
[Fixes #9115] Advanced Workflow: permissions assigned to managers/mem…
4a5a60f 
…bers should be filtered by owner and resource group metadata only (#9119) (#9159)

* [Fixes #9106] Implement API for compact permissions

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [Fixes #9114] Group managers are assigned Manage permission on adding a group with any permission in share permissions form

* [Fixes #9115] Advanced Workflow: permissions assigned to managers/members should be filtered by owner and resource group metadata only

* - Fixes: The "get_all_level_info" forcibly and wrongly writes manages into the "perm_spec"

 - Fixes: The "update_metadata" does not forward information about group and approval status change to the update method

* - Fixes: promotion/demotion consider the owner's group also

Co-authored-by: Alessio Fabiani <[email protected]>
afabiani pushed a commit that referenced this issue Apr 19, 2022
[Backport to 3.3.x][Fixes #9115] Advanced Workflow: permissions assig…
6110b69 
…ned to managers/members should be filtered by owner and resource group metadata only
@afabiani afabiani mentioned this issue Apr 19, 2022
Merged
12 tasks
afabiani pushed a commit that referenced this issue Apr 19, 2022
- Missing commits on : [Fixes #9115] Advanced Workflow: permissions …
c218d4a 
…assigned to managers/members should be filtered by owner and resource group metadata only
giohappy pushed a commit that referenced this issue Apr 19, 2022
[Backport to 3.3.x][Fixes #9115] Advanced Workflow: permissions assig…
13ce257 
…ned to managers/members should be filtered by owner and resource group metadata only (#9167)
giohappy pushed a commit that referenced this issue Apr 19, 2022
- Missing commits on : [Fixes #9115] Advanced Workflow: permissions …
8a1be38 
…assigned to managers/members should be filtered by owner and resource group metadata only (#9172)
github-actions bot pushed a commit that referenced this issue Apr 19, 2022
@github-actions
- Missing commits on : [Fixes #9115] Advanced Workflow: permissions …
ca08523 
…assigned to managers/members should be filtered by owner and resource group metadata only (#9172)
giohappy pushed a commit that referenced this issue Apr 19, 2022
@github-actions
- Missing commits on : [Fixes #9115] Advanced Workflow: permissions …
d98a93b 
…assigned to managers/members should be filtered by owner and resource group metadata only (#9172) (#9176)

Co-authored-by: Alessio Fabiani <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afabiani afabiani

Labels
3.3.x 4.0.x master regression Issues related to regressions. security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@giohappy @afabiani