Project

General

Profile

Actions

feature request #3709

open

[E+M][Editor] sufficient rights management for E+M workflow

Added by Andreas Kohlbecker almost 11 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Highest
Category:
taxeditor
Target version:
Start date:
Due date:
% Done:

80%

Estimated time:
20:00 h
Severity:
major

Description

Implement rights management and roles etc. which is needed for the E+M workflow:

Groups and Authorities

In ticket #4082 (implement default permission groups) the default PermissionGroups habe been implemented for Eumed ( and hopefully also for other databases). These default permission groups have to be combined and others have to be created manually in order to create the effective user groups for euro + med, which are:

  1. das Editorial Board, das Lese- und Schreibrechte auf sämtlichen Daten hat (ROLE_PUBLISH + group ProjectManager + group Editor + group Euro+Med Plantbase")

  2. die einzelnen Autoren, die Lese-und Schreibrechte für ihre jeweilige taxonomische Gruppe (Familie, Gattung etc. mit allen darin enthaltenen Taxa) haben, aber zum Beispiel keine neuen bibliographischen Referenzen (etwa für geographische Angaben) editiern, hinzufügen oder löschen dürfen - nomenklatorische Referenzen dürfen sie hinzufügen, aber bestehende Referenzen nicht ändern oder löschen.

Im CDM sollen Autoren aber grundsätzlich Referenzen anlegen dürfen. Sie müssen dann eben prüfen, ob die Referenz schon existiert! (group Editor + group __"))

  1. Eine dritte Ebene betrifft die Eingabe von Common Names - diese Nutzer dürfen an der Taxonomie und den Namen nichts ändern, sondern lediglich Informationen (factual data) mit entsprechenden bibl. Referenzen hinzufügen.

Additional Groups:

Group Euro+Med Plantbase:

TAXONNODE.[CREATE,READ,UPDATE,DELETE]

Group **:

TAXONNODE.[CREATE,READ,UPDATE,DELETE]{$uuid}

see also milestone Taxeditor-security

Requirements

  • protect cdm types with CdmAuthorities:

    • Taxon - OK
    • TaxonNode - OK
    • Terms - TODO: Group Editor = TERMBASE[CREATE,READ]; new Group Project_Admin = ROLE_PROJECT_MANAGER, TERMBASE[CREATE,READ,UPDATE;DELETE]
    • References - TODO Group Editor = REFERENCE[CREATE,READ]; new Group Project_Admin = ROLE_PROJECT_MANAGER, REFERENCE[CREATE,READ,UPDATE;DELETE]
    • Names - TODO Group Editor = TAXONNAMEBASE[CREATE,READ]; new Group Project_Admin = ROLE_PROJECT_MANAGER, TAXONNAMEBASE[CREATE,READ,UPDATE;DELETE]
  • Restrict permission to edit, create, remove taxa can be restricted to one or multiple taxonomic groups - seems to be working -but the editor displays aggressive and technical error dialogues in case a user dares to execute a prohibited operation-. Three actions need be taken to improve this situation:

  1. #4056 (taxeditor responds with nicer dialogue in case a user executes a prohibited operation)

  2. #3781 (Protect new and delete TaxonNode commands [DISCUSS])

  3. #4055 (operations offered by editor adapt to the users granted authorities) - UNDER REVIEW

  4. #4111 (behaviour of TaxonEditor for users with limited grants [DISCUSS])

  5. a bug: #4115 ('editor' users cannot create new references via the reference select list)

  • Publish flag: A person allowed to edit a taxonomic group should not at the same time be allowed to publish this taxon. Therefore a special PUBLISH role is needed, which can be global or bound to a classification:

    • publish flag in cdmlib: #1780 (Publish bit instead of marker)
    • #4101 (publish bit must not set by default for new taxa)
    • permission management: #3980 (Implement PUBLISH role into cdmlib security)
    • editor: #3739 (Allow editing of publish bit for Taxon and SpecimenOrObservationBase), #3951 (Allow editing of publish bit for SpecimenOrObservationBase), #4011 (disallow changing publish flag for users with unsuffcient rights)
    • #4132 (automatic setting of the publish flag after editing an entity ([DISCUSS])
    • #4133 (publish flag inheritance for new taxa [DISCUSS])
  • Users, Groups and Granted authorities can be more or less easily managed:

    • #2282 (Implement User and Group Management facilities in the Taxonomic Editor)
    • #2414 (Group updating doesn't work)
    • #3782 (Security Context is not updated after editing GrantedAuthorities of a Group)
    • #4082 (implement default permission groups)
    • lower priority tickets:
    • #4013 (GrantedAuthority: Humane label of TaxonNode authorities)
    • #4014 (user friendly way to assign Authotity Roles to users or to Groups)
    • #4052 (disentangle Group, Role, CdmAuthority, GrantedAuthorityImpl, ...)
    • #4054 (Taxeditor, Group Bulkeditor cannot delete Group)

Related issues

Related to EDIT - feature request #4101: Default value for publish bit of new taxa must be configurable via DB preferencesClosedKatja Luther

Actions
Related to EDIT - feature request #4011: disallow changing publish flag for users with unsuffcient rightsWorksformeKatja Luther03/11/202203/18/2022

Actions
Related to EDIT - feature request #4133: publish flag inheritance for new taxa [DISCUSS]DuplicateAndreas Müller

Actions
Related to EDIT - feature request #4014: User friendly way to assign Authority Roles to users or to GroupsNewAndreas Kohlbecker

Actions
Related to EDIT - feature request #5873: Implement rights&roles for TaxEditor distribution editorIn ProgressKatja Luther

Actions
Related to EDIT - feature request #6162: Implement "Forgot your password?" button in the Taxeditor connect dialog NewKatja Luther

Actions
Related to EDIT - task #3560: Withheld unpublished taxa from webservices used in E+M dataportalClosedAndreas Müller

Actions
Related to EDIT - feature request #4305: newly created entities must stay editable even if a user only has the permission to create themIn ProgressAndreas Kohlbecker

Actions
Related to EDIT - feature request #8239: Rights issues in TaxEditorNewKatja Luther

Actions
Actions #1

Updated by Andreas Müller almost 11 years ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker
Actions #2

Updated by Andreas Kohlbecker over 10 years ago

from email

Hallo Andreas und alle anderen,

(sorry Cherian for this Email completely in German)

hier die PermissionGroups die für Eumed und alle anderen Datenbanken gebraucht werden um die Rechte von Nutzern auf einzelne taxonomische Gruppen einschränken zu können.

Group "Editor" (wird immer gebraucht):

DESCRIPTIONELEMENTBASE.DESCRIPTIONBASE.[CREATE,UPDATE,DELETE,READ

TAXONBASE.[CREATE,UPDATE,DELETE,READ]

Pro Taxonomische Gruppe dann eine spezielle Gruppe, z.b

Compositae

TAXONNODE.READ, UPDATE, DELETE{820604dc-00ac-4ffb-95d7-a6bcc012900f}

(keine Ahnung ob diese UUID stimmt ;-) ist nur ein Beispiel)

Ein User bekommt dann immer die Gruppe "Editor" plus eine spezielle TaxonNode bezogene Gruppe, und los geht's mit dem Editieren mit eingeschränkten Rechten

viele Grüße

Andreas

Actions #3

Updated by Andreas Kohlbecker over 10 years ago

  • Status changed from New to In Progress
Actions #4

Updated by Andreas Kohlbecker almost 10 years ago

  • Keywords set to Euro+Med,Migration
Actions #11

Updated by Andreas Kohlbecker about 7 years ago

  • Related to feature request #4101: Default value for publish bit of new taxa must be configurable via DB preferences added
Actions #15

Updated by Andreas Kohlbecker about 7 years ago

  • Related to feature request #4011: disallow changing publish flag for users with unsuffcient rights added
Actions #17

Updated by Andreas Kohlbecker about 7 years ago

Actions #22

Updated by Andreas Kohlbecker about 7 years ago

  • Related to feature request #4014: User friendly way to assign Authority Roles to users or to Groups added
Actions #25

Updated by Andreas Kohlbecker about 7 years ago

  • Description updated (diff)
  • Private changed from Yes to No
Actions #26

Updated by Andreas Kohlbecker about 7 years ago

Actions #27

Updated by Andreas Kohlbecker about 7 years ago

  • Related to feature request #6162: Implement "Forgot your password?" button in the Taxeditor connect dialog added
Actions #28

Updated by Andreas Kohlbecker about 7 years ago

  • Related to task #3560: Withheld unpublished taxa from webservices used in E+M dataportal added
Actions #31

Updated by Andreas Kohlbecker about 7 years ago

  • Related to feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added
Actions #34

Updated by Andreas Müller about 6 years ago

  • Estimated time set to 20:00 h
Actions #35

Updated by Katja Luther over 5 years ago

Actions #36

Updated by Andreas Müller about 5 years ago

  • Target version changed from Euro+Med Migration to Euro+Med TaxEditor issues
Actions #37

Updated by Andreas Kohlbecker over 4 years ago

  • Tags changed from euro+med, migration to euro+med, migration, permission
Actions #38

Updated by Andreas Müller over 2 years ago

  • Status changed from In Progress to Resolved
  • Assignee changed from Andreas Kohlbecker to Andreas Müller
  • Target version changed from Euro+Med TaxEditor issues to Release 5.51

This is either fixed or needs to be split.

Actions #39

Updated by Andreas Müller over 2 years ago

  • Target version changed from Release 5.51 to Release 5.31
Actions #40

Updated by Andreas Müller over 2 years ago

  • Due date set to 03/16/2022
Actions #41

Updated by Andreas Müller over 2 years ago

  • % Done changed from 0 to 80
Actions #42

Updated by Andreas Müller over 2 years ago

  • Start date set to 01/01/2019
  • % Done changed from 80 to 0
Actions #43

Updated by Andreas Müller over 2 years ago

  • % Done changed from 0 to 80
Actions #44

Updated by Andreas Müller over 2 years ago

  • Start date changed from 01/01/2019 to 03/07/2022
Actions #45

Updated by Andreas Müller over 2 years ago

  • Description updated (diff)
  • Start date changed from 03/07/2022 to 03/10/2022
  • Severity changed from critical to major
Actions #46

Updated by Andreas Müller over 2 years ago

  • Due date changed from 03/16/2022 to 03/21/2022
  • Start date changed from 03/10/2022 to 03/16/2022
Actions #47

Updated by Andreas Müller over 2 years ago

  • Due date changed from 03/21/2022 to 04/08/2022
  • Target version changed from Release 5.31 to Release 5.32
  • Start date changed from 03/16/2022 to 04/01/2022

This is a review ticket only and therefore we can postpone it a bit.

Actions #48

Updated by Andreas Müller about 2 years ago

  • Due date deleted (04/08/2022)
  • Target version changed from Release 5.32 to Release 5.51
  • Start date deleted (04/01/2022)
Actions

Also available in: Atom PDF