Permissions: Users can access books when not a member of any Org team
From QA of permissions in #974 (closed)
Expected behaviour
Users should only be able to access content in their organization, according to their role. (See user permissions sheet)
Current behaviour
When a user is accepted to an org they can view the list of books in the dashboard but not the content inside.
However they can access and change the book menu as below:
For chapters-processed books, users can view book components and submit. This action causes a component to get stuck on status 'new upload' in dashboard but actually it's converting.
Steps to reproduce
- Login as a user who has not been added to a book team
- Open any book manager page
- See that this user can edit the book
Possible solution
Use the same design done for collections manager page. Here's a view of an Editor of the Organisation that does not have access to a specific Collection:
Priority
Y
QA steps to verify this is resolved
- Login as a user who has been added to an Org team but not a Book team, and doesn't have admin access to the Org
- Open any book manager page
- See that your user cannot edit the book or submit book components and the page says 'You do not have sufficient permissions to access this page'