Revision access is based on record-level permissions instead of the global harvester curator permission.
If a curator has access to a record, they can view its revisions. If not, the API returns 403 (expected behavior).
The issue is that the Harvester Reports UI does not handle this 403 properly, so the error is unclear to the user.
Update: Currently, CDS curators should not hit a 403 on revisions in normal harvester flows, because the harvester runs for a single community and all curators are owners of that community. However, this can still become an issue in the future if the harvester starts processing records for other communities, or if there are accounts with harvester admin access that are not owners/curators of a specific community. In those cases, View changes for records from that community would correctly return 403, so the UI should handle that case clearly instead of failing with a blank state.
Related: administration error pages
When an error occurs inside the administration panel (for example 403 forbidden or 404 not found on /administration/...), users currently see the generic invenio-theme error pages. Those pages drop the admin sidebar and header, which is confusing because the user is still in the administration area.
Administration URLs should show errors inside the normal admin layout, with a clear message and a link back to the administration dashboard. Errors on the rest of the site should keep using the existing theme error pages.
Revision access is based on record-level permissions instead of the global harvester curator permission.
If a curator has access to a record, they can view its revisions. If not, the API returns 403 (expected behavior).
The issue is that the Harvester Reports UI does not handle this 403 properly, so the error is unclear to the user.
Update: Currently, CDS curators should not hit a 403 on revisions in normal harvester flows, because the harvester runs for a single community and all curators are owners of that community. However, this can still become an issue in the future if the harvester starts processing records for other communities, or if there are accounts with harvester admin access that are not owners/curators of a specific community. In those cases, View changes for records from that community would correctly return 403, so the UI should handle that case clearly instead of failing with a blank state.
Related: administration error pages
When an error occurs inside the administration panel (for example 403 forbidden or 404 not found on /administration/...), users currently see the generic invenio-theme error pages. Those pages drop the admin sidebar and header, which is confusing because the user is still in the administration area.
Administration URLs should show errors inside the normal admin layout, with a clear message and a link back to the administration dashboard. Errors on the rest of the site should keep using the existing theme error pages.