feature request #6867

explicitly assign and revoke UPDATE & DELETE permission per entity in the registration workflow

Added by Andreas Kohlbecker over 1 year ago. Updated 4 months ago.

Status: Closed
Priority: New
Category: cdm-vaadin
Target version:
Start date: 12/21/2017
Due date:
% Done: 100%
Severity: blocker

Description

After an in-depth discussion in #4305 we decided that for phyconbank the strategy D) (per instance UPDATE & DELETE permission) would be the most appropriate:

  • a submitter will be granted the per instance UPDATE+DELETE permission when he creates a Reference, TeamOrPersonBase, Name instance.
  • once a registration is set to the states rejected, ready or published the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.

The RegistrationManager (#6655) will be responsible for assigning and revoking authorities. NOTE: It is more reliable to implement the revoking of permissions in a GrantedAuthorityRevokingRegistrationUpdateListener, which has been implemented for #7148 in cdm-vaadin|af48539c


For the future it might be a good idea to move the assignment of authorities into the cdmlib itself:

  • An ExtendedCreatePermissionManager. This implements listener interfaces
    • hibernate SaveOrUpdateEventListener or Interceptor to be able to act when a newly created instance of Reference, TeamOrPersonBase, Name, ... is being saved, see #7147
    • RegistrationStateChangeEventLister to be notified when the registration state is changed to rejected, ready or published so that the permissions can be revoked. ==> this has been implemented as a Hibernate PostUpdateEventListener, the GrantedAuthorityRevokingRegistrationUpdateListener. DONE
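
A minimal in-memory sketch of the grant/revoke lifecycle described above, added here as an illustration and not code from cdm-vaadin or cdmlib. The class name, the PREPARATION state, the authority string format and the principal names are assumptions made for the example; revocation strips the authority from every principal so that no orphaned grant survives in a user or group.

```java
import java.util.*;

public class PerEntityAuthorityDemo {
    // REJECTED, READY, PUBLISHED end the editing workflow; PREPARATION is an assumed editable state.
    enum Status { PREPARATION, REJECTED, READY, PUBLISHED }

    // Constructed authority format for this sketch: "<TYPE>.[UPDATE,DELETE]{<uuid>}"
    static String authority(String type, UUID entity) {
        return type + ".[UPDATE,DELETE]{" + entity + "}";
    }

    // principal (user or group name) -> per-entity authorities it currently holds
    final Map<String, Set<String>> grants = new HashMap<>();
    // registration id -> authorities handed out for entities created within it
    final Map<UUID, Set<String>> byRegistration = new HashMap<>();

    // Called when a principal creates a Reference, TeamOrPersonBase or Name instance.
    void onEntityCreated(String principal, UUID registration, String type, UUID entity) {
        String a = authority(type, entity);
        grants.computeIfAbsent(principal, k -> new HashSet<>()).add(a);
        byRegistration.computeIfAbsent(registration, k -> new HashSet<>()).add(a);
    }

    // Called after a registration status change has been persisted.
    void onStatusChanged(UUID registration, Status newStatus) {
        if (newStatus == Status.PREPARATION) return;      // still being edited, keep grants
        Set<String> toRevoke = byRegistration.remove(registration);
        if (toRevoke == null) return;                     // nothing granted, or already revoked
        // Remove from every holder, not only the submitter, so no stale grant remains.
        for (Set<String> held : grants.values()) held.removeAll(toRevoke);
    }

    boolean mayUpdate(String principal, String type, UUID entity) {
        return grants.getOrDefault(principal, Collections.<String>emptySet())
                     .contains(authority(type, entity));
    }

    public static void main(String[] args) {
        PerEntityAuthorityDemo d = new PerEntityAuthorityDemo();
        UUID reg = UUID.randomUUID(), ref = UUID.randomUUID();   // constructed sample ids
        d.onEntityCreated("submitter", reg, "REFERENCE", ref);
        d.onEntityCreated("group:editors", reg, "REFERENCE", ref);
        System.out.println("before: " + d.mayUpdate("submitter", "REFERENCE", ref));
        d.onStatusChanged(reg, Status.READY);
        System.out.println("after:  " + d.mayUpdate("submitter", "REFERENCE", ref)
                + " / group: " + d.mayUpdate("group:editors", "REFERENCE", ref));
    }
}
```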

Subtasks

feature request #7148: GrantedAuthorityRevokingRegistrationUpdateLister: delete orphan references to GrantedAuthorityImpl in User and Group (Closed, Andreas Kohlbecker)


Related issues

Related to Edit - bug #6886: Entity creation for users having only CREATE may fail in long running conversations Duplicate 08/04/2017
Related to AlgenRegistrierung - bug #6185: prevent from erroneous author or reference changes Resolved 11/07/2016
Related to Edit - bug #7147: GrantedAuthorityRevokingDeleteListener implemented New 12/21/2017
Related to Edit - feature request #7150: GrantedAuthorities & PermissionVoter for Cdm Collection type Closed 12/22/2017
Follows Edit - feature request #6655: Implement a RegistrationManager with state machine Rejected 05/19/2017
Copied from Edit - feature request #4305: newly created entities must stay editable even if a user only has the permission to create them In Progress 08/06/2014

Associated revisions

Revision 499f55b2 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 ref #7026 extending UserHelper to allow creation of authorities with properties and test button in debug mode

Revision 2ff5539a (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 public access to RunAsAuthenticator methods

Revision 3d9a0098 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 RegistrationWorkingsetEditor: granting UPDATE permissions for SpecimenOrObservationBase entities

Revision 71706315 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 using runAsAuthentication ROLE_USERMANAGER to grant per entity authorities

Revision 55ecdf3a (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 generic failsafe mechanism to grant per entity permission in CdmPopupEditors

Revision 834db381 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 assigning UPDATE,DELETE for new Persons and Teams and fixing bugs related to TeamOrPersonField:
- prevent from saving empty persons and teams

Revision af48539c (diff)
Added by Andreas Kohlbecker 12 months ago

ref #6867 GrantedAuthorityRevokingRegistrationUpdateLister implemented

Revision 68bfc9da (diff)
Added by Andreas Kohlbecker 12 months ago

ref #6867 extending the CdmPermissionClass enum and CdmAuthority support for sets

Revision 98f59aa5 (diff)
Added by Andreas Kohlbecker 12 months ago

ref #6867 GrantedAuthorityRevokingRegistrationUpdateLister implemented

Revision 77d3424c (diff)
Added by Andreas Kohlbecker 12 months ago

ref #6867 deproxy hibernate proxies

Revision e0aeb58c (diff)
Added by Andreas Kohlbecker 12 months ago

ref #6867 creating per entity permissions for new References

History

#1 Updated by Andreas Kohlbecker over 1 year ago

  • Copied from feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added

#2 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#3 Updated by Andreas Kohlbecker over 1 year ago

  • % Done changed from 10 to 20

#4 Updated by Andreas Kohlbecker over 1 year ago

  • Due date set to 05/22/2017
  • Start date changed from 08/06/2014 to 05/22/2017
  • Follows feature request #6655: Implement a RegistrationManager with state machine added

#5 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#6 Updated by Andreas Kohlbecker over 1 year ago

  • Related to bug #6886: Entity creation for users having only CREATE may fail in long running conversations added

#7 Updated by Andreas Kohlbecker over 1 year ago

  • Related to bug #6185: prevent from erroneous author or reference changes added

#8 Updated by Andreas Kohlbecker about 1 year ago

  • Target version changed from Release 4.10 to Release 4.11

#9 Updated by Andreas Kohlbecker about 1 year ago

  • Status changed from Feedback to New

#10 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)
  • Category changed from cdmlib to cdm-vaadin

#11 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#12 Updated by Andreas Müller about 1 year ago

  • Target version changed from Release 4.11 to Release 4.12

#13 Updated by Andreas Müller about 1 year ago

  • Target version changed from Release 4.12 to Release 4.13

#14 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)
  • Status changed from New to In Progress

#15 Updated by Andreas Kohlbecker 12 months ago

  • Description updated (diff)

#16 Updated by Andreas Kohlbecker 12 months ago

  • Description updated (diff)

#17 Updated by Andreas Kohlbecker 12 months ago

  • Related to bug #7147: GrantedAuthorityRevokingDeleteListener implemented added

#18 Updated by Andreas Kohlbecker 12 months ago

  • Description updated (diff)

#19 Updated by Andreas Kohlbecker 12 months ago

#20 Updated by Andreas Müller 11 months ago

  • Target version changed from Release 4.13 to Release 4.14

#21 Updated by Andreas Kohlbecker 11 months ago

  • Target version changed from Release 4.14 to Release 4.13

#22 Updated by Andreas Müller 7 months ago

Can this be closed or set to review?
When not "In Progress" anymore please close according milestone as all other open tickets are Resolved or Feedback tickets.

#23 Updated by Andreas Kohlbecker 7 months ago

  • Description updated (diff)

#24 Updated by Andreas Kohlbecker 7 months ago

  • Status changed from In Progress to Closed

This seems to be fully implemented and properly working, so the issue can be closed.

#25 Updated by Andreas Kohlbecker 6 months ago

  • Description updated (diff)

#26 Updated by Andreas Kohlbecker 4 months ago

  • Description updated (diff)
