From 6b80bac39425191642b6a84b7cc18d5014155393 Mon Sep 17 00:00:00 2001
From: Dale Wahl <dalewahl@gmail.com>
Date: Mon, 17 Feb 2025 15:26:12 +0100
Subject: [PATCH] add privileges.can_view_private_datasets to
 User.can_access_dataset(); does not grant ability to manipulate/run
 processors

---
 common/lib/config_definition.py | 2 +-
 common/lib/user.py              | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/lib/config_definition.py b/common/lib/config_definition.py
index ee38ce705..4fd7a1135 100644
--- a/common/lib/config_definition.py
+++ b/common/lib/config_definition.py
@@ -139,7 +139,7 @@
     "privileges.admin.can_manipulate_all_datasets": {
         "type": UserInput.OPTION_TOGGLE,
         "default": False,
-        "help": "Can manipulate datasets",
+        "help": "Can manipulate all datasets",
         "tooltip": "Controls whether users can manipulate all datasets as if they were an owner, e.g. sharing it with "
                    "others, running processors, et cetera."
     },
diff --git a/common/lib/user.py b/common/lib/user.py
index 2722d7574..0471b7952 100644
--- a/common/lib/user.py
+++ b/common/lib/user.py
@@ -210,6 +210,10 @@ def can_access_dataset(self, dataset, role=None):
 
         elif self.is_admin:
             return True
+        
+        elif self.config.get("privileges.can_view_private_datasets", user=self):
+            # Allowed to see dataset, but perhaps not run processors (need privileges.admin.can_manipulate_all_datasets or dataset ownership)
+            return True
 
         elif dataset.is_accessible_by(self, role=role):
             return True