feature request #6867
closed
explicitly assign and revoke UPDATE & DELETE permission per entity in the registration workflow
Added by Andreas Kohlbecker over 6 years ago.
Updated about 4 years ago.
Description
After an in-depth discussion in #4305 we decided that for phyconbank the strategy D) (per instance UPDATE & DELETE permission) would be the most appropriate:
- a submitter will get the per instance UPDATE+DELETE permission when creating a Reference, TeamOrPersonBase, Name instance.
- once a registration is set to the states rejected, ready or published the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.
The RegistrationManager (#6655) will be responsible for assigning and revoking of authorities. NOTE: It is more reliable to implement the revoking of permissions in a GrantedAuthorityRevokingRegistrationUpdateListener which has been implemented for #7148 in cdm-vaadin|af48539c
For the future it might be a good idea to move the assignment of authorities into the cdmlib itself:
- An ExtendedCreatePermissionManager. This implements listener interfaces:
  - hibernate SaveOrUpdateEventListener or Interceptor to be able to act when a newly created instance of Reference, TeamOrPersonBase, Name, ... is being saved, see #7147
  - RegistrationStateChangeEventLister to be noticed when the registration state is changed to rejected, ready or published so that the permissions can be revoked. ==> this has been implemented as Hibernate PostUpdateEventListener, the GrantedAuthorityRevokingRegistrationUpdateListener
DONE
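The grant-on-create and revoke-on-final-state lifecycle described in this ticket, as an added Java illustration that is not code from cdmlib or cdm-vaadin. All class, method and user names are hypothetical, the PREPARATION state is an assumed non-final state, and scoping the revocation to the entities of one registration is an assumption about how the rule is applied.

```java
import java.util.*;

// Added illustration: every name here is hypothetical, none of it is cdmlib API.
public class PerEntityAuthorityDemo {
    // PREPARATION is an assumed non-final state; the ticket names only the three below.
    enum Status { PREPARATION, REJECTED, READY, PUBLISHED }
    static final Set<Status> REVOKING =
            EnumSet.of(Status.REJECTED, Status.READY, Status.PUBLISHED);

    record EntityRef(String type, UUID id) {}
    record Registration(String submitter, Set<EntityRef> entities) {}

    // user -> entities on which that user holds the per-instance UPDATE+DELETE authority
    private final Map<String, Set<EntityRef>> updateDelete = new HashMap<>();

    // Called when a submitter saves a newly created Reference, TeamOrPersonBase or Name.
    EntityRef grantOnCreate(String user, String type) {
        EntityRef ref = new EntityRef(type, UUID.randomUUID());
        updateDelete.computeIfAbsent(user, u -> new HashSet<>()).add(ref);
        return ref;
    }

    // Deny by default: no entry means no UPDATE or DELETE on that instance.
    boolean mayUpdateOrDelete(String user, EntityRef ref) {
        return updateDelete.getOrDefault(user, Set.of()).contains(ref);
    }

    // Called after a registration's status was updated (the listener's role in the ticket).
    void onStatusChange(Registration reg, Status newStatus) {
        if (!REVOKING.contains(newStatus)) return;         // editing workflow still open
        Set<EntityRef> held = updateDelete.get(reg.submitter());
        if (held != null) held.removeAll(reg.entities());  // only this registration's entities
    }

    public static void main(String[] args) {
        PerEntityAuthorityDemo auth = new PerEntityAuthorityDemo();
        EntityRef name = auth.grantOnCreate("submitter", "Name");
        EntityRef ref = auth.grantOnCreate("submitter", "Reference");
        EntityRef other = auth.grantOnCreate("submitter", "Reference"); // not in reg
        Registration reg = new Registration("submitter", Set.of(name, ref));

        auth.onStatusChange(reg, Status.PREPARATION);
        System.out.println("editable while in preparation: " + auth.mayUpdateOrDelete("submitter", name));
        auth.onStatusChange(reg, Status.READY);
        System.out.println("name editable after READY: " + auth.mayUpdateOrDelete("submitter", name));
        System.out.println("reference editable after READY: " + auth.mayUpdateOrDelete("submitter", ref));
        System.out.println("unrelated entity still editable: " + auth.mayUpdateOrDelete("submitter", other));
    }
}
```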
- Copied from feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added
- Description updated (diff)
- % Done changed from 10 to 20
- Due date set to 05/22/2017
- Start date changed from 08/06/2014 to 05/22/2017
- Follows feature request #6655: Implement a RegistrationManager with state machine added
- Description updated (diff)
- Related to bug #6886: Entity creation for users having only CREATE may fail in long running conversations added
- Related to bug #6185: prevent from erroneous author or reference changes added
- Target version changed from Release 4.10 to Release 4.11
- Status changed from Feedback to New
- Description updated (diff)
- Category changed from cdmlib to cdm-vaadin
- Description updated (diff)
- Target version changed from Release 4.11 to Release 4.12
- Target version changed from Release 4.12 to Release 4.13
- Description updated (diff)
- Status changed from New to In Progress
- Description updated (diff)
- Description updated (diff)
- Related to bug #7147: GrantedAuthorityRevokingDeleteListener implemented added
- Description updated (diff)
- Target version changed from Release 4.13 to Release 4.14
- Target version changed from Release 4.14 to Release 4.13
Can this be closed or set to review?
When not "In Progress" anymore please close according milestone as all other open tickets are Resolved or Feedback tickets.
- Description updated (diff)
- Status changed from In Progress to Closed
this seems to be fully implemented and properly working, so the issue can be closed.
- Description updated (diff)
- Description updated (diff)
- Related to task #8168: Check if withdrawing of per entity permission is working correctly for inReferences added
- Description updated (diff)
- Related to task #8835: DISCUSS if the UPDATE & DELETE permission strategy should become a general principle in the cdmlib added