feature request #6867

explicitly assign and revoke UPDATE & DELETE permission per entity in the registration workflow

Added by Andreas Kohlbecker over 1 year ago. Updated 6 months ago.

Status:
Closed
Priority:
New
Category:
cdm-vaadin
Target version:
Start date:
12/21/2017
Due date:
% Done:

100%

Severity:
blocker

Description

After an in depth discussion in #4305 we decided that for phyconbank the strategy D) (per instance UPDATE & DELETE permission) would be the most appropriate:

  • a submitter will get the per instance UPDATE+DELETE permission when he creates a Reference, TeamOrPersonBase, Name instance.
  • once a registration is set to the states rejected, ready or published the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.

The RegistrationManager (#6655) will be responsible for assigning and revoking of authorities. NOTE: It is more reliable to implement the revoking of permissions in a GrantedAuthorityRevokingRegistrationUpdateListener which has been implemented for #7148 in cdm-vaadin|af48539c


For the future it might be a good idea to move the assignment of authorities into the cdmlib itself:

  • An ExtendedCreatePermissionManager. This implements listener interfaces
    • hibernate SaveOrUpdateEventListener or Interceptor to be able to act when a newly created instance of Reference, TeamOrPersonBase, Name, ... is being saved, see #7147
    • RegistrationStateChangeEventLister to be notified when the registration state is changed to rejected, ready or published so that the permissions can be revoked. ==> this has been implemented as a Hibernate PostUpdateEventListener, the GrantedAuthorityRevokingRegistrationUpdateListener. DONE
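
The grant-and-revoke lifecycle described in this ticket, as an added example that is not cdmlib or cdm-vaadin code: a self-contained Java model of per-instance UPDATE+DELETE authorities that are granted on creation and revoked when the registration leaves the editing state. All class and method names, and the `PREPARATION` state, are assumptions of the example; only rejected, ready and published come from the ticket.

```java
import java.util.*;

// Added illustration: every name here is hypothetical, not the project's API.
public class PerEntityAuthorityDemo {
    enum Op { UPDATE, DELETE }
    enum Status { PREPARATION, REJECTED, READY, PUBLISHED } // PREPARATION: assumed editing state

    // One authority covers operations on exactly one entity instance.
    record Authority(String type, UUID entityId, Set<Op> ops) {}

    static class Registration {
        final String submitter;
        Status status = Status.PREPARATION;
        final Set<UUID> entities = new HashSet<>(); // name, references, authors created for it
        Registration(String submitter) { this.submitter = submitter; }
    }

    private final Map<String, Set<Authority>> byUser = new HashMap<>();

    // Creating an entity grants UPDATE+DELETE on that instance only, never on the whole type.
    UUID create(Registration reg, String type) {
        if (reg.status != Status.PREPARATION) // assumption: no new grants once editing has ended
            throw new IllegalStateException("registration is no longer editable");
        UUID id = UUID.randomUUID();
        reg.entities.add(id);
        byUser.computeIfAbsent(reg.submitter, u -> new HashSet<>())
              .add(new Authority(type, id, EnumSet.of(Op.UPDATE, Op.DELETE)));
        return id;
    }

    // Entering rejected, ready or published revokes the authorities from every holder,
    // so no stale grant survives on any user.
    void setStatus(Registration reg, Status next) {
        reg.status = next;
        if (next != Status.PREPARATION)
            byUser.values().forEach(s -> s.removeIf(a -> reg.entities.contains(a.entityId())));
    }

    boolean may(String user, UUID entityId, Op op) {
        return byUser.getOrDefault(user, Set.of()).stream()
                .anyMatch(a -> a.entityId().equals(entityId) && a.ops().contains(op));
    }

    public static void main(String[] args) {
        PerEntityAuthorityDemo acl = new PerEntityAuthorityDemo();
        Registration reg = new Registration("submitter1"); // constructed sample user
        UUID ref = acl.create(reg, "Reference");
        System.out.println("before: " + acl.may("submitter1", ref, Op.UPDATE));
        System.out.println("foreign entity: " + acl.may("submitter1", UUID.randomUUID(), Op.UPDATE));
        acl.setStatus(reg, Status.PUBLISHED);
        System.out.println("after publish: " + acl.may("submitter1", ref, Op.DELETE));
    }
}
```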

Subtasks

feature request #7148: GrantedAuthorityRevokingRegistrationUpdateLister: delete orphan references to GrantedAuthorityImpl in User and Group | Closed | Andreas Kohlbecker


Related issues

Related to Edit - bug #6886: Entity creation for users having only CREATE may fail in long running conversations Duplicate 08/04/2017
Related to AlgenRegistrierung - bug #6185: prevent from erroneous author or reference changes Resolved 11/07/2016
Related to Edit - bug #7147: GrantedAuthorityRevokingDeleteListener implemented New 12/21/2017
Related to Edit - feature request #7150: GrantedAuthorities & PermissionVoter for Cdm Collection type Closed 12/22/2017
Follows Edit - feature request #6655: Implement a RegistrationManager with state machine Rejected 05/19/2017
Copied from Edit - feature request #4305: newly created entities must stay editable even if a user only has the permission to create them In Progress 08/06/2014

Associated revisions

Revision 499f55b2 (diff)
Added by Andreas Kohlbecker over 1 year ago

ref #6867 ref #7026 extending UserHelper to allow creation of authorities with properties and test button in debug mode

Revision 2ff5539a (diff)
Added by Andreas Kohlbecker over 1 year ago

ref #6867 public access to RunAsAuthenticator methods

Revision 3d9a0098 (diff)
Added by Andreas Kohlbecker over 1 year ago

ref #6867 RegistrationWorkingsetEditor: granting UPDATE permissions for SpecimenOrObservationBase entities

Revision 71706315 (diff)
Added by Andreas Kohlbecker over 1 year ago

ref #6867 using runAsAuthentication ROLE_USERMANAGER to grant per entity authorities

Revision 55ecdf3a (diff)
Added by Andreas Kohlbecker over 1 year ago

ref #6867 generic failsafe mechanism to grant per entity permission in CdmPopupEditors

Revision 834db381 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 assigning UPDATE,DELETE for new Persons and Teams and fixing bugs related to TeamOrPersonField:
- prevent from saving empty persons and teams

Revision af48539c (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 GrantedAuthorityRevokingRegistrationUpdateLister implemented

Revision 68bfc9da (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 extending the CdmPermissionClass enum and CdmAuthority support for sets

Revision 98f59aa5 (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 GrantedAuthorityRevokingRegistrationUpdateLister implemented

Revision 77d3424c (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 deproxy hibernate proxys

Revision e0aeb58c (diff)
Added by Andreas Kohlbecker about 1 year ago

ref #6867 creating per entity permissions for new References

History

#1 Updated by Andreas Kohlbecker over 1 year ago

  • Copied from feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added

#2 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#3 Updated by Andreas Kohlbecker over 1 year ago

  • % Done changed from 10 to 20

#4 Updated by Andreas Kohlbecker over 1 year ago

  • Due date set to 05/22/2017
  • Start date changed from 08/06/2014 to 05/22/2017
  • Follows feature request #6655: Implement a RegistrationManager with state machine added

#5 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#6 Updated by Andreas Kohlbecker over 1 year ago

  • Related to bug #6886: Entity creation for users having only CREATE may fail in long running conversations added

#7 Updated by Andreas Kohlbecker over 1 year ago

  • Related to bug #6185: prevent from erroneous author or reference changes added

#8 Updated by Andreas Kohlbecker over 1 year ago

  • Target version changed from Release 4.10 to Release 4.11

#9 Updated by Andreas Kohlbecker over 1 year ago

  • Status changed from Feedback to New

#10 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)
  • Category changed from cdmlib to cdm-vaadin

#11 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#12 Updated by Andreas Müller over 1 year ago

  • Target version changed from Release 4.11 to Release 4.12

#13 Updated by Andreas Müller about 1 year ago

  • Target version changed from Release 4.12 to Release 4.13

#14 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)
  • Status changed from New to In Progress

#15 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#16 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#17 Updated by Andreas Kohlbecker about 1 year ago

  • Related to bug #7147: GrantedAuthorityRevokingDeleteListener implemented added

#18 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#19 Updated by Andreas Kohlbecker about 1 year ago

#20 Updated by Andreas Müller about 1 year ago

  • Target version changed from Release 4.13 to Release 4.14

#21 Updated by Andreas Kohlbecker about 1 year ago

  • Target version changed from Release 4.14 to Release 4.13

#22 Updated by Andreas Müller 10 months ago

Can this be closed or set to review?
When not "In Progress" anymore please close according milestone as all other open tickets are Resolved or Feedback tickets.

#23 Updated by Andreas Kohlbecker 10 months ago

  • Description updated (diff)

#24 Updated by Andreas Kohlbecker 10 months ago

  • Status changed from In Progress to Closed

this seems to be fully implemented and properly working, so the issue can be closed.

#25 Updated by Andreas Kohlbecker 8 months ago

  • Description updated (diff)

#26 Updated by Andreas Kohlbecker 6 months ago

  • Description updated (diff)
