September 6th from 2:00 PM-3:00 PM EST
https://join.skype.com/uohKGgCNMBSG
- When to use user_access vs islandora_object_access
- JIRA Ticket ISLANDORA-2064
- Islandora Simple Workflow PR #39 - Adam Vessey
- Islandora's Core Repo PR #688 - Adam Vessey
- Islandora Paged Content PR #138 - Adam Vessey
- Islandora Solution Pack Collection PR #197 - Adam Vessey
- "user_access": consistent behavior, and ensure that the superuser can perform all actions.
- "islandora_object_access": Code snippet
if (!is_object($object)) {
// The object could not be loaded...
// Presumably, we don't have permission.
return FALSE;
}
- Jira Tickets
- Open Discussion
- Nothing
November 15th, 2017 2PM EST
- User_access vs Islandora_object_access
- User checks already in place with most modules for inherited permissions
- Islandora_object_access is more granular in way of security
- ISIG's recommendation is to opt for islandora_object_access over user_access calls within modules.
- ISLANDORA-2073: Although this is a bug it is an expected behavior and no indication of any additional security risk.
- Islandora-2043: Long standing and known behavior
- Question: should there be a check to verify this a well-formed PID?
- Looked at islandora/islandora.module#L1240-L1241
- Suggested to bring this up during tomorrow's Committers Group
- ■■Discuss the issue & possible solutions
- ISLANDORA-1999: During the next ISIG meeting this needs to be brought back up.
- Look through the spreadsheet and determine what or if any should be addressed and when. Use this as the opportunity to create tickets and generation action
- ISLANDORA-2045
- Ask Diego more info on the topic. The ticket implied a possible security risk if a malformed parameter is introduced.
