Secret Links: Share Links Feature Not Working for Restricted Records in Restricted Communities

[Samk13]

Package version (if known): V12rc2

Describe the bug

The share links feature on a restricted record does not work for both unauthenticated and authenticated users.

Steps to Reproduce

1. Create a restricted record in a restricted community and publish it / or save the draft.
2. Go to share -> links -> create a new link -> copy the link.
3. Open an incognito window and paste the link -> see permission required.
4. Login as a new user and try to open the link -> still see permission required.

Expected behavior

The link should open the restricted record for users with the correct permissions.

[Samk13]

Related to #2694

[ntarocco]

ping @anikachurilova, can you please try to reproduce this issue?

[anikachurilova]

@Samk13 Thank you for reporting this!
Indeed, the problem exists if restricted record is being a part of a restricted community. The reason is that to have any kind of access to a restricted record of a restricted community, having a secret link is not enough, the user have to be also a member of this community with a role that allows them the corresponding access. So in this case, secret link permission allows seeing the record, but community restriction forbids it, as a result there is a 403 error.

Expected behavior: authorized, as well as guest users have access to the record with a secret link independently of the community. However, community name should not be displayed on the landing page of a record for users that are not members (TBD).

[utnapischtim]

for v12 we put that into known limitations

[github-actions]

This issue was automatically marked as stale.

[github-actions]

This issue was automatically marked as stale.