mwdb-core
Allow using 'uploader' search query without 'manage_users' capability
Feature Category
- [ ] Correctness
- [x] User Interface / User Experience
- [ ] Performance
- [ ] Other (please explain)
Describe the problem
Currently the manage_users capability is required in order to use the uploader query; this seems wrong, and it is an overly broad capability to require merely for seeing what someone has uploaded.
For example, one could use an automated syncer user but other users that wish to query for only those samples with uploader:"syncer" currently get the error: No such user or group: syncer when they don't have the manage_users capability.
Describe the solution you'd like
To have this functionality be merged with the existing access_all_objects capability.
Describe alternatives you've considered
Alternatively, a new capability could be created, like query_user_objects?
Yeah, by default MWDB is pretty strict and gives access only to those user objects that are in the same groups as we are.
The idea of an additional capability for accounts that should see all users but shouldn't have administration permissions sounds OK 👍
@jasperla I have a few more ideas about it:
- If all your users are already in the everything group, you can go to the group settings and mark it as a Workgroup
- If you want to enable visibility of all uploaders for a specific user, you can use the sharing_objects capability. The name isn't the best because it doesn't enable sharing but allows querying all users/groups and sharing objects with them. It should be named sharing_with_anybody or something like that.
@psrok1 Thank you, for my use-case enabling the Workgroup worked as expected.
As for the sharing_objects permission, renaming it to sharing_with_anybody or sharing_with_all seems appropriate.