Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip create permission check if validating #4090

Merged
merged 5 commits into from
Nov 2, 2023
Merged

Skip create permission check if validating #4090

merged 5 commits into from
Nov 2, 2023

Conversation

realVinayak
Copy link
Contributor

Allows users with just validate permission to validate a dataset without create permission to tables.

See #2395 (comment)

@realVinayak realVinayak linked an issue Oct 8, 2023 that may be closed by this pull request
WorkBench validation can require create access #2395
Closed
grantfitzsimmons
grantfitzsimmons approved these changes Oct 8, 2023
View reviewed changes
Copy link
Member

@grantfitzsimmons grantfitzsimmons left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested as wbuser on a copy of RBGE's database. Looks like all is working as expected! Very exciting development.

The role configured for this user is read-only for everything, with additional abilities granted for creating queries, record sets, and WorkBench datasets. No write permission for any table, and this is blocked as one would expect.

https://herbrbge9323-issue-2395.test.specifysystems.org/specify/security/user/37/

Video here demonstrating it

@realVinayak
Copy link
Contributor Author

Testing instructions

  1. Use a specify user without exclusive right access to tables, but with the permission to validate a dataset.
  2. Use a prior dataset or make a new one which will make new records in the database (important). For example, add a random species, or a collectionobject with a high catalog number. Make sure that records in this dataset don't already exist, so that workbench will create records.
  3. This branch should allow validating, even though create permission to tables isn't given. Production should throw an error saying NoMatchingRuleException(.... create)

@realVinayak realVinayak marked this pull request as ready for review October 9, 2023 00:09
maxpatiiuk
maxpatiiuk approved these changes Oct 9, 2023
View reviewed changes
Copy link
Member

@maxpatiiuk maxpatiiuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

@melton-jason melton-jason requested a review from a team October 11, 2023 18:34
@realVinayak realVinayak added this to the 7.9.2 milestone Oct 21, 2023
@grantfitzsimmons grantfitzsimmons merged commit 0759eff into production Nov 2, 2023
9 checks passed
@grantfitzsimmons grantfitzsimmons deleted the issue-2395 branch November 2, 2023 17:29
@specifysoftware
Copy link

This pull request has been mentioned on Specify Community Forum. There might be relevant details there:

https://discourse.specifysoftware.org/t/specify-7-9-2-release-announcement/1452/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grantfitzsimmons grantfitzsimmons grantfitzsimmons approved these changes

@CarolineDenis CarolineDenis CarolineDenis approved these changes

@melton-jason melton-jason melton-jason approved these changes

@maxpatiiuk maxpatiiuk maxpatiiuk approved these changes

@acwhite211 acwhite211 Awaiting requested review from acwhite211

Assignees
No one assigned
Labels
None yet
Projects
General Tester Board
Status: Done
Milestone
7.9.2
Development

Successfully merging this pull request may close these issues.

WorkBench validation can require create access
6 participants
@realVinayak @specifysoftware @grantfitzsimmons @maxpatiiuk @melton-jason @CarolineDenis