17464: Add note about special case involving sharing links

author Peter Amstutz <peter.amstutz@curii.com>

Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)

committer Peter Amstutz <peter.amstutz@curii.com>

Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)
author Peter Amstutz <peter.amstutz@curii.com>
Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)
committer Peter Amstutz <peter.amstutz@curii.com>
Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)
diff --git a/doc/admin/restricting-upload-download.html.textile.liquid b/doc/admin/restricting-upload-download.html.textile.liquid

index 6983e413f51c48a9a3811237c2b0ace6498801fd..8d5c9f544cb209eb258ee610cb15fc73b400590c 100644 (file)
--- a/doc/admin/restricting-upload-download.html.textile.liquid
+++ b/doc/admin/restricting-upload-download.html.textile.liquid
@@ -33,6 +33,8 @@ The default policy allows anyone to upload or download.
            Upload: true
  </pre>
  
+If you create a sharing link as an admin user, and then give someone the token from the sharing link to download a file using @arv-get@, because the downloader is anonymous, the download permission will be restricted based on the "User" role and not the "Admin" role.
+
  h2. WebDAV and S3 API Permissions
  
  Permitting @WebDAV@ makes it possible to use WebDAV, S3 API, download from Workbench 1, and upload/download with Workbench 2.  It works in terms of individual files.  It prints a log each time a user uploads or downloads a file.  When @WebDAVLogEvents@ (default true) is enabled, it also adds an entry into the API server @logs@ table.
author	Peter Amstutz <peter.amstutz@curii.com>
	Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Fri, 18 Jun 2021 16:58:52 +0000 (12:58 -0400)