Patching metacards directly over HTTP should consider the context of sharing attribute changes

Description

Currently the UI is the only enforcer of sharing / ownership protection. The backend access / policy plugins need an update so that as values shift between the ACL attributes on a metacard, it is guaranteed that illegal shifts are not being done and the owner is not being undermined.

Environment

None

Assignee

Steve Lombardi

Reporter

Steve Lombardi

Labels

None

Components

Fix versions

Affects versions

Priority

Critical
Configure