Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Files in masked records: access rights should be limited to those of its record #746

Closed
mmo opened this issue Jan 10, 2022 · 0 comments · Fixed by #754
Closed

Files in masked records: access rights should be limited to those of its record #746

mmo opened this issue Jan 10, 2022 · 0 comments · Fixed by #754
Assignees
@jma
Labels
bug Breaks something but is not blocking f: permissions Concerns the rights management f: public ui p-High To set a high priority!

Comments

@mmo
Copy link
Collaborator

mmo commented Jan 10, 2022

When a record is masked (either masked_for_all or masked_for_external_ips), the access rights of the files attached to the record should be at least as strict.

Ideally, this should not modify the access property of the files, as the record's masked property should be allowed to change independently of the files' access rights.

Summary of the rules for file access, depending on it's containing record's masked statuts:

  • record is not_masked:
    • employ the normal access property of the file
  • record is masked_for_all:
    • forbid access to the file
  • record is masked_for_external_ips:
    • allow access to the file only within the allowed IP address ranges
@mmo mmo added bug Breaks something but is not blocking f: permissions Concerns the rights management f: public ui p-High To set a high priority! labels Jan 10, 2022
@jma jma self-assigned this Jan 17, 2022
jma added a commit to jma/sonar that referenced this issue Jan 26, 2022
@jma
files: fix files permissions
0ce3750 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
@jma jma mentioned this issue Jan 26, 2022
Merged
7 tasks
jma added a commit that referenced this issue Jan 26, 2022
@jma
files: fix files permissions
914eb1a 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes #746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 26, 2022
@jma
files: fix files permissions
68ff0fd 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 27, 2022
@jma
files: fix files permissions
339a8f2 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 27, 2022
@jma
files: fix files permissions
a0e5c5c 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 31, 2022
@jma
files: fix files permissions
ec36b72 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 31, 2022
@jma
files: fix files permissions
7647014 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Jan 31, 2022
@jma
files: fix files permissions
bbae1bd 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
jma added a commit to jma/sonar that referenced this issue Feb 1, 2022
@jma
files: fix files permissions
0d0046c 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes rero#746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
@jma jma closed this as completed in #754 Feb 2, 2022
jma added a commit that referenced this issue Feb 2, 2022
@jma
files: fix files permissions
01282bf 
* Adds files restriction for documents.
* Adds files restriction for deposits.
* Adds files restriction for organisations.
* Adds files restriction for collections.
* Fixes document restrictions.
* Closes #746.

Co-Authored-by: Johnny Mariéthoz <Johnny.Mariethoz@rero.ch>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@jma jma

Labels
bug Breaks something but is not blocking f: permissions Concerns the rights management f: public ui p-High To set a high priority!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

files: fix files permissions jma/sonar
2 participants
@mmo @jma