Project

General

Profile

feature request #6654

implement a CdmPermissionVoter for Registrations

Added by Andreas Kohlbecker over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Priority14
Category:
cdmlib
Target version:
Start date:
05/19/2017
Due date:
% Done:

100%

Severity:
critical

Description

Registrations need to be protected by a RegistrationsVoter which evaluates CRUD permissions given to users or Groups.

Current situation:

The default data inserter (eu.etaxonomy.cdm.dataInserter.RegistrationRequiredDataInserter) creates the role CURATION in the data base this role is being used to grant access to the Registration editor. This level of protection is however not sufficient. It is in principle still possible to to get write access via the http invoker remoring service.

ToDo:

  • implement RegistrationsVoter (extends CdmPermissionVoter) and configure the security context to use it
  • add a default Group to the first data inserter: RegistrationCurator = "Registration.[DELETE,CREATE,UPDATE,READ]"
  • implement tests
  • Phycobank specific:
    • all users must be given the PermissionGroup Editor see https://dev.e-taxonomy.eu/redmine/projects/edit/wiki/CdmAuthorisationAndAccessControl#Permission-Groups
    • the required data inserter should extend the PermissionGroup Editor by "Registration.[CREATE]"
    • In a first step only the curator will be able to change the registration state. A submitter will need to ask the curation for state changes.
    • In a second step we will implement a RegistrationStateManager which can change the RegistrationState on behalf of the user, since the user is not permitted to change the Registration again. The user can request the RegistrationStateManager for state changes by sending a RegistrationStateEventwith one of the following messages: PREPARATION_COMPLETE => new state: CURATION, WITHDRAW => new state: REJETCED. see #6655 for more details

Related issues

Related to Edit - feature request #6655: Implement a RegistrationManager with state machine Rejected 05/19/2017
Related to Edit - feature request #7016: implement a CdmPermissionVoter for TypeDesignations Rejected 05/19/2017
Related to Edit - feature request #7018: implement a CdmPermissionVoter and default authorities for SpecimenOrObservationBase Closed 05/19/2017
Copied to Edit - feature request #6852: GrantedAuthorities and permission Groups for Phycobank Closed

Associated revisions

Revision 472cb9dc (diff)
Added by Andreas Kohlbecker over 1 year ago

fix #6654 RegistrationVoter implemented

History

#1 Updated by Andreas Kohlbecker over 1 year ago

  • Tracker changed from bug to feature request

#2 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#3 Updated by Andreas Kohlbecker over 1 year ago

#4 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#5 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)
  • Priority changed from New to Priority14
  • Target version changed from Unassigned CDM tickets to Release 4.9
  • Severity changed from normal to critical

#6 Updated by Andreas Müller over 1 year ago

  • Target version changed from Release 4.9 to Release 4.10

#7 Updated by Andreas Kohlbecker over 1 year ago

  • Private changed from Yes to No

#8 Updated by Andreas Kohlbecker over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 50

#9 Updated by Andreas Kohlbecker over 1 year ago

#10 Updated by Andreas Kohlbecker over 1 year ago

#11 Updated by Andreas Kohlbecker over 1 year ago

#12 Updated by Andreas Kohlbecker about 1 year ago

  • Status changed from Resolved to Closed
  • % Done changed from 50 to 100

#13 Updated by Andreas Kohlbecker about 1 year ago

#14 Updated by Andreas Kohlbecker about 1 year ago

  • Related to feature request #7018: implement a CdmPermissionVoter and default authorities for SpecimenOrObservationBase added

#15 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)