Comment 1 for bug 1530611

This is due to a bug in how group & institution blogs were inserted into the Journal blocktypes. The blog blocktypes use the "artefactchooser" Pieform element, which applies this logic to decide which artefacts the user can select, based on whether the page is owned by a group, institution, or user:

group: Show site artefacts, and all artefacts in this group which the user has "view" permission on

institution: Show site artefacts, and artefacts owned by this institution

user: Show public site artefacts, other site artefacts (if the user is an admin), artefacts of the user's institutions, group artefacts for the user's groups if the user has "republish" permission on them, and finally the user's own artefacts.

When the blog blocktypes were implemented, apparently it was a design decision that the access for these artefacts should be different, and limited only to institution blogs for an institution page, group blogs for a group page, and user blogs for a user page. This was implemented by adding a list of artefact IDs as a filter to the artefactchooser. The bug here, is that the code to add that list of artefact IDs, was added to the "journal" block and the "journal entry" block, but not the "recent journal entries" block.

Currently that filter code is copied & pasted into both journal & journal entry separately. The quick fix for 15.10 would be to copy and paste the code into the "recent journal entries" block as well.

A better fix, which we should probably do for 16.04, is to refactor that code so that it's shared between all there blog blocktypes, so that if we make future access changes, we won't have problems. Additionally, the way it's currently written it writes a SQL query that contains the ID of *every* artefact owne by the user (or group or institution), which could be quite large and cause memory problems. We should probably move this change in logic down into the artefactchooser somewhere.