Security feature toggle inconsistency for project-level shares when set to "required" in global settings

Description

Ensure that when a security feature is set to "required" in Global Settings, basic users creating shares at the project level cannot toggle this feature off.

Currently, the UI incorrectly allows users to attempt disabling the security feature, which causes confusion as the system appears to save the share without it, although the feature remains active.


Steps to reproduce

  1. Set a specific security feature to "required" in Global Settings.

  2. Log in as a basic user and attempt to create a share at the project level.

  3. Observe that the security feature toggle appears available for the user to disable.

  4. Save the share and check if the security feature remains active.

Expected behavior

  • The security feature toggle should be disabled for users when set to "required" in Global Settings.

  • Basic users should not have the option to disable the security feature.

  • The UI should clearly reflect the "required" status of the security feature, preventing user confusion.

Linked issues

duplicates
Issue Type Icon ESFJ-1364 Selected users - Config not applying to associated project/ default setting Priority: Highest
Withdrawn
relates to
Issue Type Icon SUP-1472 Need Assistance Globally Restricting Shares to our Domain and Sharing within our Domain Priority: Medium
Waiting for customer

Activity

Krzysztof Bogdan 29 January 2025, 10:33

@Mariusz Szymański

I do not see how we could fix password and expiration datetime.

But we can “fix” SSO and selected users.

1. SSO required on project config, SSO disabled on share → SSO enabled
2. SSO disabled on project config, SSO enabled on share → SSO disabled
3. Share with users required on project config, Share with users on on share is empty → Share with users required on project config
4. We ignore selected users/domains on share level that are not in project config.

Mariusz Szymański 29 January 2025, 10:26

@Krzysztof Bogdan

Password required - not set on share

Expiration required or Custom - not set on share

SSO required - not set on share

SSO disabled - set on share

Share with users required - not set on share

Share with users required - one or more emails or domains on share are outside of what is configured in parent config

Krzysztof Bogdan 29 January 2025, 10:21

@Mariusz Szymański

Krzysztof Bogdan 29 January 2025, 10:21

Yea. I am thinking about some documentation when we will “fix” share and when page will fail to render.
What are other cases when share wont work except password case?

Mariusz Szymański 29 January 2025, 10:02

@Krzysztof Bogdan For example, if password is required by parent config and share config does not have password set, the link will be invalid. That’s how we agreed this task.

Krzysztof Bogdan 29 January 2025, 09:56

@Mariusz Szymański Can you give example when security config is not aligned and share will show error page?

I think we should try to render page based on project-level config, ignoring share-level config.

Mariusz Szymański 29 January 2025, 08:40

From now on user may set any security config regardless of parent configuration. However, they will receive warning message if selected option is against the parent config. Shares with security config not align with parent open with error page.

Automation for Jira 29 January 2025, 08:38

Hello [~accountid:],
Task is ready for review.

@Mariusz Szymański please make sure reviewer
have easy access to contend to be reviewed.

If this is code change. Please make sure PR is created.
If this is new documentation, blogpost, etc. Please provide link to page.