We're updating the issue view to help you get more done. 

Bundle level access control with default set to readonly

Description

If you set

default_bundle_access_level = _CA_BUNDLE_ACCESS_READONLY_

in app.conf (which probably no one has ever done) you also end up with readonly bundles in places like the display, UI and metadata element editors, even for administrators. I guess this is because they all descend from BundlableLabelableBaseModelWithAttributes also they’re not really bundlable and can’t take attributes. So technically this makes sense but it’s not really practical. We’d have to add all these to the bundle-level access control configuration screen to enable access for certain roles.

I think we should somehow exclude those from checks in ca_users::getBundleAccessLevel() and whereever else this is being decided because if someone doesn’t want a certain role to have access to UIs or metadata elements, he’ll restrict that via user actions and not on bundle level. I don’t know if there’s a good criterion to filter those. Probably something like the BOUNDS_CHOICE_LIST for the table_num field in ca_metadata_type_restrictions.

Environment

None

Assignee

Stefan Keidel

Reporter

Stefan Keidel

Labels

None

Components

Fix versions

Affects versions

Priority

Major
Configure