EDIT

Category:

cdm-vaadin

Target version:

Release 4.13

Start date:

Due date:

% Done:

100%

Estimated time:

(Total: 0:00 h)

Severity:

blocker

Tags:

security permission phycobank

Description

After an in depth discussion in #4305 we decided that for phyconbank the strategy D) (per instance UPDATE & DELETE permission) would be the most appropriate:

a submitter will get the per instance UPDATE+DELETE permission when creating a Reference, TeamOrPersonBase, Name instance.
once a registration is set to the states rejected, ready or published the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.

~~The RegistrationManager (#6655) will be responsible for assigning and revoking of authorities.~~ NOTE: It is more reliable to implement the revoking of permissions in a GrantedAuthorityRevokingRegistrationUpdateListener which has been implemented with for #7148 in cdm-vaadin|af48539c

For the future is might be good idea to move the assignment of authorities into the cdmlib istelf:

A ExtendedCreatePermissionManager. This implements listener interfaces
- hibernate SaveOrUpdateEventListener or Interceptor to be able to act when a newly created instance of Reference, TeamOrPersonBase, Name, ... is being saved, see #7147
- RegistrationStateChangeEventLister to be noticed when the registration state is changed to rejected, ready or published so that the permissions can be revoked. ==> this has been implemented as Hibernate PostUpdateEventListener the GrantedAuthorityRevokingRegistrationUpdateListener DONE

Subtasks 1 (0 open — 1 closed)

Related issues

Related to EDIT - bug #6886: Entity creation for users having only CREATE may fail in long running conversations

Duplicate

Andreas Müller

Related to PhycoBank - bug #6185: prevent from erroneous author or reference changes

Closed

Related to EDIT - bug #7147: GrantedAuthorityRevokingDeleteListener implemented

New

Andreas Müller

Related to EDIT - feature request #7150: GrantedAuthorities & PermissionVoter for Cdm Collection type

Closed

Related to EDIT - task #8168: Check if withdrawing of per entity permission is working correctly for inReferences

New

Related to EDIT - task #8835: DISCUSS if the UPDATE & DELETE permission stategy should become a general principle in the cdmlib

New

Follows EDIT - feature request #6655: Implement a RegistrationManager with state machine

Rejected

Copied from EDIT - feature request #4305: newly created entities must stay editable even if a user only has the permission to create them

In Progress

Updated by Andreas Kohlbecker over 6 years ago

Copied from feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added

Actions

Updated by Andreas Kohlbecker over 6 years ago

Description updated (diff)

Actions

Updated by Andreas Kohlbecker over 6 years ago

% Done changed from 10 to 20

Actions

Updated by Andreas Kohlbecker over 6 years ago

Due date set to 05/22/2017
Start date changed from 08/06/2014 to 05/22/2017
Follows feature request #6655: Implement a RegistrationManager with state machine added

Actions

Updated by Andreas Kohlbecker over 6 years ago

Description updated (diff)

Actions

Updated by Andreas Kohlbecker over 6 years ago

Related to bug #6886: Entity creation for users having only CREATE may fail in long running conversations added

Actions

Updated by Andreas Kohlbecker about 6 years ago

Related to bug #6185: prevent from erroneous author or reference changes added

Actions

Updated by Andreas Kohlbecker about 6 years ago

Target version changed from Release 4.10 to Release 4.11

Actions

Updated by Andreas Kohlbecker about 6 years ago

Status changed from Feedback to New

Actions

#10

Updated by Andreas Kohlbecker about 6 years ago

Description updated (diff)
Category changed from cdmlib to cdm-vaadin

Actions

#11

Updated by Andreas Kohlbecker about 6 years ago

Description updated (diff)

Actions

#12

Updated by Andreas Müller about 6 years ago

Target version changed from Release 4.11 to Release 4.12

Actions

#13

Updated by Andreas Müller almost 6 years ago

Target version changed from Release 4.12 to Release 4.13

Actions

#14

Updated by Andreas Kohlbecker almost 6 years ago

Description updated (diff)
Status changed from New to In Progress

Actions

#15

Updated by Andreas Kohlbecker almost 6 years ago

Description updated (diff)

Actions

#16

Updated by Andreas Kohlbecker almost 6 years ago

Description updated (diff)

Actions

#17

Updated by Andreas Kohlbecker almost 6 years ago

Related to bug #7147: GrantedAuthorityRevokingDeleteListener implemented added

Actions

#18

Updated by Andreas Kohlbecker almost 6 years ago

Description updated (diff)

Actions

#19

Updated by Andreas Kohlbecker almost 6 years ago

Related to feature request #7150: GrantedAuthorities & PermissionVoter for Cdm Collection type added

Actions

#20

Updated by Andreas Müller almost 6 years ago

Target version changed from Release 4.13 to Release 4.14

Actions

#21

Updated by Andreas Kohlbecker almost 6 years ago

Target version changed from Release 4.14 to Release 4.13

Actions

#22

Updated by Andreas Müller over 5 years ago

Can this be closed or set to review?
When not "In Progress" anymore please close according milestone as all other open tickets are Resolved or Feedback tickets.

Actions