Uploaded image for project: 'Providence'
  1. PROV-1879

Spreadsheet view allows editing fields and records that the user does not have access to

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects versions: 1.7
    • Fix versions: None
    • Components: Browse, search, UI
    • Labels:
      None

      Description

      I've just done some experimenting with editable displays in 1.6 and 1.7, and even if users have been marked as not having access to the base record type (eg researcher role on the demo server at demo.collectiveaccess.org), they can edit records that they should not be able to. Is there a simple access check that can be made before updating the field at least, or at least a flag for 'can use editable view' for the role?

        Attachments

          Activity

            People

            • Assignee:
              Former user (Inactive)
              Reporter:
              Kehan Harman
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: