Details
-
Bug
-
Resolution: Invalid
-
Minor
-
COmanage Registry 3.2.2 (Oyster Pearl MR2)
-
None
Description
Identifier Assignments can be configured on a per-CO basis. CO admins can create new Identifier Assignments. However, when they click on the 'Autogenerate Identifiers' link, they get a permission denied message.
The CoIdentifierAssignmentController allows CoAdmins to autogenerate/assign identifiers. This causes the index view to show a link to the IdentifiersController/assign.json API interface.
This API interface checks for the Roles of the current user. Two problems occur here, both because no CO is passed along:
- The action does not seem to be CO related; this would seem to indicate that if a CmpAdmin autogenerates identifiers in one CO, he/she will autogenerate them in all COs
- The RoleBehavior component cannot determine if the current user is acting in a role as CoAdmin of a specific CO, due to the lack of CO information. That means any CoAdmin is treated as a regular unauthorized user instead.