We're updating the issue view to help you get more done. 

Patching metacards directly over HTTP should consider the context of sharing attribute changes

Description

Currently the UI is the only enforcer of sharing / ownership protection. The backend access / policy plugins need an update so that as values shift between the ACL attributes on a metacard, it is guaranteed that illegal shifts are not being done and the owner is not being undermined.

Environment

None

Status

Assignee

Steven Lombardi

Reporter

Steven Lombardi

Labels

None

Components

Fix versions

Affects versions

2.14.0

Priority

Critical