[FEATURE] Group provenance information

[ll4strw]

Yoda v1.9.0

This is probably related to #44, #413, and #468.

Any research-<group_name> member can insert arbitrary provenance information to a research group collection, see below

In particular, by adding/modifying metadata with org_action_log attribute and value which format is different than yoda's expected format '["<timestamp>", "<action>", "<actor_email>"]' will produce a 500 error, which will result in the impossibility to read a folder provenance info for any other user.

Could maybe attribute org_action_log be protected? Alternatively, yoda should ignore any formats she does not know when parsing that attribute value so that it does not produce a 500 error.

[stsnel]

Thanks for the issue report. This is indeed a specific case of the general problem described in #44. We'll be able to fix the root cause of this issue when/after Yoda 2.0 is released. I've assigned this issue to the Yoda 2.0 version milestone for now.