volunteer-portal icon indicating copy to clipboard operation
volunteer-portal copied to clipboard

Published 20 hours ago verified publisher icon AtlasOfLivingAustralia

Close Project Validator loophole

Open cdausmus opened this issue 2 years ago • 0 comments

It is currently possible to validate a task from project [A] whilst being only assigned validator at the project-level for project [B].

Discuss whether this loop hole really needs closing.

Potential test case:

Project Validator (new permissions test case)

  • Setup 1: Create/locate 2 projects in the same institution that have transcribed tasks.
  • Setup 2: Assign user [A] as a project-level validator to project [1]. Ensure user [A] does not have admin or validator access to project [2].
  • Setup 3: Obtain a link to validate a task in project [2] (using an admin user).
  • Navigate to project [1]. Ensure the project home page displays an 'Admin' button. Click on the 'Admin' button. The project admin task list should be displayed.
  • Select a task to be validated.
  • Enter new data and click the 'Submit validation' button. Ensure the project admin task list is displayed.
  • Verify the value 'Validated' is displayed for the 'Status' column against the task that was validated.
  • Navigate to the link from project [2] with user [A].
  • Ensure the user cannot access the task

cdausmus avatar Mar 14 '22 03:03 cdausmus