The user with edit permission cannot save the changes made

Question

The user with edit permission cannot save the changes made

Closed this issue 3 years ago · 11 comments

ElenaGallo commented 3 years ago

Expected Behavior

The user with edit permission can save changes made on map and geostory

Actual Behavior

The user with edit permission cannot save the changes made on map and geostory.
Error on console:

PATCH https://stable.demo.geonode.org/mapstore/rest/resources/3227/?full=true 403 (Forbidden)

Steps to Reproduce the Problem

Login as admin
Create a map/geostory
Enable the edit permission for a user
Login with the user credential
Open the map/geostory
Edi it
Click on Save

Specifications

GeoNode version:
Installation method (manual, GeoNode Docker, SPCGeoNode Docker):
Platform:
Additional details:

Answer 1 · 2021-10-11T13:30:02.000Z

I could reproduce it and I see some problems.

@afabiani this map has full edit permission for some users. I added myself too for a test. W hen opening the page as one of those users the request to the security/permissions API returns 401

What's going on?

Answer 2 · 2021-10-11T13:46:55.000Z

If you want to allow a user to change a map or geostory configuration, currently the only way is to make it owner of it. There's no way from the gui to allow write permissions on such resources

Answer 3 · 2021-10-11T14:03:03.000Z

@ElenaGallo what do you mean by "The user with edit permission can save changes made on map and geostory"? How did you set those permissions? Maybe you refer to "change" permissions?

Answer 4 · 2021-10-11T14:11:22.000Z

@giohappy @afabiani
when as a user I have not allowed to edit (only view), the Edit Tools panel is not available and by opening the geostory it is only possible to save as a new gesotory (save as button), see gif below:

When as a user I have the possibility to edit, the Edit Tools panel is available and by opening the geostory there is the possibility to save the gesotory (save button) but an error occurs, see gif below:

Answer 5 · 2021-10-11T14:26:45.000Z

@afabiani I confirm that on geostory I get an error as a user with manage permissions:

geostory
Edit
Save
PATCH 403 Forbidden

Answer 6 · 2021-10-11T14:36:58.000Z

@ElenaGallo we confirm that the Save action is forbidden at the moment for non-admins and non-owners on maps, geostories (and I guess dashboards too). This is probably a regression affecting all versions.

I'm going to open an issue for that asap.

Answer 7 · 2021-10-12T10:52:20.000Z

Issue created GeoNode#8232

Answer 8 · 2021-10-19T11:02:45.000Z

@ElenaGallo plese test again on development. I'm going to update stable asap.

Answer 9 · 2021-10-19T12:36:55.000Z

@giohappy Test passed on development

Answer 10 · 2021-10-19T15:04:40.000Z

@ElenaGallo stable is updated, please test it too.

Answer 11 · 2021-10-19T15:59:37.000Z

@giohappy Test passed even on stable.