In site/cds_rdm/permissions.py, HarvesterCurator() is currently added to CDSRDMRecordPermissionPolicy.can_search_revisions so curators can use "View Changes" from Harvester Reports.
Right now this can expose the normal record revision history after the permission check, not only system-made revisions from harvesting.
So curators may be able to see revisions created by other users, not just system-originated ones.