Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

member_of field on items still show all nodes #107

Open
bseeger opened this issue Apr 7, 2021 · 0 comments
Open

member_of field on items still show all nodes #107

bseeger opened this issue Apr 7, 2021 · 0 comments
Labels
bug Something isn't working unplanned vendor wontfix This will not be worked on

Comments

@bseeger
Copy link

bseeger commented Apr 7, 2021
edited
Loading

If we have time to fix one angle of this, then fixing #108 will be of higher benefit as it will provide pre-save validation and cover both the UI and ingest workflow paths.

The member_of field is an Entity Reference field that will show all the nodes in the system, regardless of whether or not the user can edit them. Ideally this member_of field will only allow nodes that the user has edit permission on.

This can manifest a weird scenario where a user can add a node to any collection in the system, regardless of whether or not they have permissions to edit items in that collection.

Here is one thing I tried to do to fix it, but wasn't able to get it to work: https://docs.google.com/document/d/12UBsXPWy9lG8owxg2cAA7ixxoqLgAi0oK1pSZoZSEWQ/edit#bookmark=id.iq5sjmhj3kw1

In theory this method should work, but after trying for a while, I couldn't get it to work and I needed to move on.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working unplanned vendor wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@birkland @bseeger @htpvu