-
Type:
Defect
-
Resolution: Done
-
Priority:
Critical
-
Affects Version/s: 1.3.0-M2
-
Component/s: Authorization
-
None
The access control logic has recently changed when a restricted dataset is encountered by a non-logged in user (eg: a Guest user).
When a restricted dataset detail page is shown with "locked" "Download files for this collection" link, clicking on the link results in an "Authorization Required" request group membership page (ac/accessDenied.htm).
The used to (and should) present the user with a login page when this link was selected. The "Authorization Required" request group membership page should only be shown to logged in users.
This logic appears to be reversed from the previous 1.2 release version
When a restricted dataset detail page is shown with "locked" "Download files for this collection" link, clicking on the link results in an "Authorization Required" request group membership page (ac/accessDenied.htm).
The used to (and should) present the user with a login page when this link was selected. The "Authorization Required" request group membership page should only be shown to logged in users.
This logic appears to be reversed from the previous 1.2 release version