Granted access rights by being a member of a group does not work as expected #252

Open
mstfdkmn opened this issue Jul 12, 2021 · 5 comments

Comments

@mstfdkmn

If you are granted an access right by being a member of a group, then some issues with ACLs start. But if you are given access (own/write/read) as a normal user, then all permissions work as normal on Metalnx. For example, you cannot see a file's content using the preview tab if you are given read/write/own access only by a group. Or you cannot delete a data object if you are only given access (write/own) as a group. Since the first-level "Action" drop-down menu is disabled, we cannot select any operations like "Delete", "Copy", etc. By the way, the second-level (view/Action/Delete) Action drop-down menu works.
However, all of these work normally (as expected) through iCommands.

To reproduce:

  • Upload a simple file to your home (I preferred a .txt file to easily test the preview tab too).
  • Create a group like "group_test" as a rodsadmin using iCommands: iadmin mkgroup group_test
  • Add your user account to the "group_test" group (you can add more users): iadmin atg group_test vsc33586
  • Go to the permission tab of the file that you uploaded and click on "Permissions" to add a group.
  • Choose the group that you are a member of (group_test) and set the permission to the highest, "own".
  • Modify your user permission to "none" on Metalnx, or do this by iCommands.
  • You will immediately realize that your group permission field is disabled on Metalnx and you are not authorized to see the preview.
  • Also, if you go back to your home collection and choose the same file, you can't activate the disabled "Action" drop-down menu.

Please see the relevant screenshots below for the steps.

Step 1: Check the uploaded file permission
image

Step 2: Check the group to see your name
image

Step 3: Add the group to the data object's permission
image

Step 4: Remove your user name from the permissions tab of the data object
image

Step 5: Check the permissions of the data object to see your group has the "own" permission but it is not enabled like you had by user permission
image

Step 6: Check the review tab of the data object to see you are not authorized anymore
image

Step 7: Check the "Action" drop-down menu with the data object selected to see it is now disabled
image

So we cannot manage permissions by groups via Metalnx.
Could you please check whether you see the same behavior? Or are we missing something here?

Thanks.

Tested both in 4.2.8 - 2.4.0 and in 4.2.9 - 2.4.0. And ICAT is MySQL.
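The report above comes down to how an effective access level is resolved when the only ACL entry is a group's. The following is an added illustration, not part of the original post and not Metalnx, Jargon or iRODS code; the function names, the level ordering and the action-to-level mapping are assumptions, and the data is constructed from the reproduction steps.

```python
# Added illustration: user-only vs. group-aware access resolution.
# Assumed ordering of the levels named in the issue.
LEVELS = {"none": 0, "read": 1, "write": 2, "own": 3}

# Constructed data mirroring the steps: the user's own entry was
# removed, and the group the user belongs to holds "own".
GROUPS = {"group_test": {"vsc33586"}}
ACL = {"group_test": "own"}


def direct_level(acl, user):
    """Level from the user's own ACL entry only (groups ignored)."""
    return acl.get(user, "none")


def effective_level(acl, user, groups):
    """Highest level among the user's entry and all of their groups."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    return max((acl.get(p, "none") for p in principals), key=LEVELS.__getitem__)


def ui_actions(level):
    """Hypothetical UI gating: preview needs read, delete needs own (assumed)."""
    rank = LEVELS[level]
    return {"preview": rank >= LEVELS["read"], "delete": rank >= LEVELS["own"]}


def compare(acl, user, groups):
    """Return the UI state under each resolution strategy."""
    return {
        "user_only": ui_actions(direct_level(acl, user)),
        "group_aware": ui_actions(effective_level(acl, user, groups)),
    }


if __name__ == "__main__":
    for strategy, actions in compare(ACL, "vsc33586", GROUPS).items():
        print(strategy, actions)
```

A user-only lookup yields the disabled preview and "Action" menu described in the report, while the group-aware lookup matches what iCommands allows.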

@korydraughn korydraughn added this to the 2.5.0 milestone Jul 22, 2021
@trel trel added the UI label Jul 23, 2021
@trel trel modified the milestones: 2.5.0, 3.0.0 Jul 23, 2021
@JustinKyleJames
Contributor

This seems to have been fixed with the removal of the database. After adding the (non-admin) user to the group_test group, adding ownership of the file to this group, removing ownership from the non-admin user, I can see the preview and when I go back to the collection and select the file the action button is activated.

@korydraughn
Contributor

I like the sound of that. We'll see if @mstfdkmn is willing to test this once we publish the snapshots for Jargon.

@trel
Contributor

trel commented Dec 13, 2024

Excellent. Yes, I would imagine this should be fixed - as there are no longer any cached permissions in a separate location.

@JustinKyleJames
Contributor

I wasn't able to reproduce this even with the non-updated Metalnx. Something must have fixed this.

Some screenshots are attached.

image

image

image

@trel
Contributor

trel commented Dec 20, 2024

Great.

Let's wait to see if @mstfdkmn wants to chime in - but I think we can close this in the run-up to 3.0.0 if we have not heard by that time.
