- Issue created by @igorbiki
- π¨π¦Canada igorbiki
Had to introduce new permission, access to bulk export. Previoulsy, user was required to have two permissions to access mass export (administer bibcite AND access bibcite export) this meant you need to grant adminster bibcite permission which has security implications.
With new permission, you have a control over single entity export and mass export.
- First commit to issue fork.
- πΊπΈUnited States bkosborne New Jersey, USA
bkosborne β changed the visibility of the branch 3340674-improved-export-control to hidden.
- Status changed to Needs work
11 months ago 5:52pm 15 May 2024 - πΊπΈUnited States bkosborne New Jersey, USA
There's two separate issues here.
- The permission to control accessing the exported formats is controlled by the same permission as bulk export. This is problematic as you may want anonymous users to access the individual reference export links but not the administrative action for bulk exporting
- There's no access check on the export links that appear on the reference. The links to export in various formats are displayed even if the user doesn't have permission to export them
Let's scope this issue to only the first problem as it's the simplest to solve. I see the patch tried to solve both, but the solution in the patch is not correct as it hides ALL links from showing if the user lacks the export permission, even though the export permission is only applicable to some of the links.
- πΊπΈUnited States bkosborne New Jersey, USA
Created β¨ Bibcite link plugins should support access checks Needs work to handle the issue where links are shown even if user doesn't have access to them.
- Merge request !29Add a new permission for controlling bulk export of references separately from individual export. β (Open) created by bkosborne
- Status changed to Needs review
11 months ago 6:35pm 15 May 2024 - πΊπΈUnited States bkosborne New Jersey, USA
Okay, added the permission for bulk operations in a merge request.