Basket lifts all restrictions (!)

#1

Hello,

I’ve created a user group which I set to “read only” regarding a specific collection. A user belonging to this group should only view the list of assets. However if he selects one of them, even if he’s restricted from editing, he’s allowed to take actions like “Send via email” or “Upload to FTP Server”. Long story short, he has access to the file. (a)

In addition, If he selects to put an asset to his basket and open it through the bottom tab, he automatically gets full access on it even on the system. Take a look at the following screenshot. He can edit its metadata or even delete it! (b)

So, I don’t think this is normal behavior…

We need to restrict a user from accessing the files (or edit them) before he make an order, which we need to approve first, before hes gonna be able to download anything. Can we achieve this using Razuna v1.7?

Thanks for your time.

#2

This is fixed in the upcoming 1.8 release.

1 Like
#3

Unfortunately, this is not completely fixed in v1.8 RC-2.

While the email and FTP actions are now hidden according to user’s permission (a), when an asset is added to the basket all options are still available as shown in the screenshot above (b).

Could you please take a look at this for the stable release of v1.8?

Thanks again,


Razuna v1.8 RC 2 stand-alone server
Ubuntu 14.04 LTS

#4

Hi lephleg ,

I tried to perform the actions follow your description of topic : “Basket lifts all restriction” above. When I open an asset from the bottom tab , its shows the asset in basket without Original and Preview of this asset , so the end user could not delete or send email or FTP without selected asset to do an action from there.

Please see the screen shot.

Hope this can help you.

Thanks.

#5

Dear Huy_Nguyen,

Things look very different here. Check this short screencast below:

The sharing options for the collection are the following:

Let me know if you need anything else to assist you with this,

le

#6

As mentioned this has been fixed in 1.8. If you are not seeing this, I suggest you flush the template cache and restart your server and browser. Must bee some caching issue.

1 Like
#7

Flushing the template cache after making changes on directory permissions does the trick.

It seems basket need that kind of flush to follow up with any permission changes. After I changed the settings to full access the basket remained to “read-only” until I flushed the template cache again.

So, I guess this is resolved. Thanks for your assistance and time.

#8

Whenever you do an update you always need to flush the template cache. This is outlined in our upgrade guides.