Actions
feature request #6654
closedimplement a CdmPermissionVoter for Registrations
Status:
Closed
Priority:
Priority14
Assignee:
Category:
cdmlib
Target version:
Start date:
Due date:
% Done:
100%
Estimated time:
Severity:
critical
Description
Registrations need to be protected by a RegistrationsVoter which evaluates CRUD permissions given to users or Groups.
Current situation:
The default data inserter (eu.etaxonomy.cdm.dataInserter.RegistrationRequiredDataInserter
) creates the role CURATION in the data base this role is being used to grant access to the Registration editor. This level of protection is however not sufficient. It is in principle still possible to to get write access via the http invoker remoring service.
ToDo:
- implement RegistrationsVoter (extends CdmPermissionVoter) and configure the security context to use it
- add a default Group to the first data inserter:
RegistrationCurator = "Registration.[DELETE,CREATE,UPDATE,READ]"
- implement tests
- Phycobank specific:
- all users must be given the PermissionGroup
Editor
see https://dev.e-taxonomy.eu/redmine/projects/edit/wiki/CdmAuthorisationAndAccessControl#Permission-Groups - the required data inserter should extend the PermissionGroup
Editor
by "Registration.[CREATE]" - In a first step only the curator will be able to change the registration state. A submitter will need to ask the curation for state changes.
- In a second step we will implement a
RegistrationStateManager
which can change the RegistrationState on behalf of the user, since the user is not permitted to change the Registration again. The user can request theRegistrationStateManager
for state changes by sending aRegistrationStateEvent
with one of the following messages:PREPARATION_COMPLETE
=> new state:CURATION
,WITHDRAW
=> new state:REJETCED
. see #6655 for more details
- all users must be given the PermissionGroup
Related issues
Updated by Andreas Kohlbecker almost 7 years ago
- Tracker changed from bug to feature request
Updated by Andreas Kohlbecker almost 7 years ago
- Related to feature request #6655: Implement a RegistrationManager with state machine added
Updated by Andreas Kohlbecker almost 7 years ago
- Description updated (diff)
- Priority changed from New to Priority14
- Target version changed from Unassigned CDM tickets to Release 4.9
- Severity changed from normal to critical
Updated by Andreas Müller over 6 years ago
- Target version changed from Release 4.9 to Release 4.10
Updated by Andreas Kohlbecker over 6 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 50
Applied in changeset cdmlib|472cb9dce75a42eadaf2ebfe04622223fa552b13.
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #6852: GrantedAuthorities and permission Groups for Phycobank added
Updated by Andreas Kohlbecker over 6 years ago
- Related to deleted (feature request #6852: GrantedAuthorities and permission Groups for Phycobank)
Updated by Andreas Kohlbecker over 6 years ago
- Copied to feature request #6852: GrantedAuthorities and permission Groups for Phycobank added
Updated by Andreas Kohlbecker over 6 years ago
- Status changed from Resolved to Closed
- % Done changed from 50 to 100
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #7016: implement a CdmPermissionVoter for TypeDesignations added
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #7018: implement a CdmPermissionVoter and default authorities for SpecimenOrObservationBase added
Actions