Users in Org "Editor" team can access books when they do not belong to "Editor" team for the book or chapter
From QA of permissions in #974 (closed)
Expected behaviour
Users should only be able to access content in their organization, according to their role. (See user permissions sheet)
Current behaviour
Use case: User assigned as Editor from the Org users tab, but no role as editor in any book or book component
This type of user should not have access inside of books. They can only view based on sheet 1 Dashboard of spreadsheet. When they try to open a book, they should see the message in the screenshot below.
Steps to reproduce
- Log in as a user who is a member of org team "editors"
- Open any book manager page that this user does not belong to
- See that this user can edit the book
Possible solution
Use the same design done for collections manager page. Here's a view of an Editor of the Organisation that does not have access to a specific Collection:
Priority
Y
QA steps to verify this is resolved
- Log in as a user who is a member of an Org team with an "Editor" role for the Org
- Open any book manager page that this user does not belong to
- See that this user cannot edit the book
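
The QA steps above can be expressed as a scoped authorization check with a small regression matrix. This is an added example, not the project's code: the team shape (`role`, `objectType`, `objectId`, `members`), the function names and the sample users are assumptions, and the unscoped check only reproduces the reported symptom, since the issue does not state the actual cause.

```javascript
// Constructed sample data; the team and book shapes are assumed for illustration.
const teams = [
  { role: 'editor', objectType: 'organisation', objectId: 'org-1', members: ['alice', 'bob', 'carol'] },
  { role: 'editor', objectType: 'book', objectId: 'book-1', members: ['bob'] },
  { role: 'editor', objectType: 'bookComponent', objectId: 'chapter-7', members: ['carol'] },
]
const books = {
  'book-1': { id: 'book-1', componentIds: ['chapter-1'] },
  'book-2': { id: 'book-2', componentIds: ['chapter-7'] },
}

// Symptom described in the issue: membership of ANY "editor" team is accepted,
// so an organisation-level editor gets into every book.
function canOpenBookUnscoped(userId, book, allTeams) {
  return allTeams.some(t => t.role === 'editor' && t.members.includes(userId))
}

// Expected behaviour: the editor team must be attached to this book or to one
// of its chapters. Organisation-level teams never grant access inside a book.
function canOpenBook(userId, book, allTeams) {
  return allTeams.some(t => {
    if (t.role !== 'editor' || !t.members.includes(userId)) return false
    if (t.objectType === 'book') return t.objectId === book.id
    if (t.objectType === 'bookComponent') return book.componentIds.includes(t.objectId)
    return false
  })
}

// Evaluate both checks for every user/book pair so the QA steps become assertions.
function qaMatrix() {
  const out = {}
  for (const userId of ['alice', 'bob', 'carol']) {
    for (const book of Object.values(books)) {
      out[`${userId}:${book.id}`] = {
        unscoped: canOpenBookUnscoped(userId, book, teams),
        scoped: canOpenBook(userId, book, teams),
      }
    }
  }
  return out
}

console.table(qaMatrix())
```

Here `alice` is the user from the use case: an organisation editor with no role in any book or book component, who must be denied on every book.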